Monday, July 3. 2006WSSE and ext/soap
I have gotten quite a few messages over the past month or so concerning implementing WSSE with ext/soap. Unfortunately I have had little to no time to write up anything on this or the other XML Security topics. If my time doesnt free up, you might have to wait until my presentation in Toronto. Until then here is some very basic, crude and unorganized code that should get anyone needing this functionality started.
Update (9/15/2006): New libraries and sample files are available. Please see the entry Slides from PHP|Works 2006 XML Canonicaliztion functions C14N() and C14NFile() have been added to DOM for PHP 5.2. Until this is released, I wrote some functionality to perform basic exclusive canonical XML (So far it has worked fine with all the Soap services implemeting WSSE I have encountered as well as XML using XMLDSIG). When used within a system running PHP 5.2 it will use the functionality built into the DOM extension rather than the custom implementation. For WSSE, here is a class extending SoapClient that can be used to add basic WSSE functionality to a soap request. It requires an additional xmldsig template file. The example code provides the following:
Disclaimer: This code is very crude, unorganized and built quickly using brute force - So if you dont like it, then dont use it - but dont bitch to me about it ![]() php|works 2006![]() Monday, May 8. 2006We Have A Winner
Although a difficult process, I have finally chosen the winner for the Pro PHP XML and Web Services contest. I received a large number of entries (more than expected), but did read every single one of them. The majority were very well done and ranged from someone threatening to bite their own leg off (nice picture btw) to the other extreme of threatening to beat with me a stick (was very funny if you happen to be familiar with Theo Schlossnagle's post for a junior programmer). Both of these were among the finalists, but the entry finally chosen stood out a bit more than the rest.
Congratulations to Brian Wurster from Arlington, Virginia (United States). What really set this entry apart was the creativity. The entry was submitted as a lone PHP script. Lucky for Brian it ran without errors because there was no way I was going to read all that code :), other than to notice it used the new PHP 5 OO features. I wish I had more books that I could have given out to many of you that entered, as there were a number of good entries, but unfortunately I was only allotted a limited amount and you know those family members; always have to mooch something from ya (just kidding everyone ... I think). Brian, the book is on its way. I hope you enjoy it and that it serves you well. Sunday, April 23. 2006Pro PHP XML and Web Services contest
After close to a year in the works, my book Pro PHP XML and Web Services was finally released on March 27th and recently got its first review (no, its not from anyone I know). The book is quite long, but comprehensive, coming in at around 936 pages. It not only covers working with XML using all the different extensions/parsers in PHP, but also explains many of the XML technologies and specifications in simple language rather than the often cryptic specifications. In any event, to celebrate its release (or maybe the fact that I am finally done and have time for myself again), I am giving away an autographed copy of this book to one lucky person.
Rather than ask you to find some answer to an obscure question, the contest is pretty easy. Simply send an email to contest@cdatazone.org before midnight EST on April 30th 2006 telling me why you want a copy and why I should give it to you rather than someone else. Be sure to include a valid return email address so I can contact the winner. I will try to announce a winner by May 7th, determined by the answer I find the most interesting, but depending upon the number of submissions it may take me a bit longer to read them all and make the final decision. Note: Email addresses will NOT be used for anything other than notifying the winner. Hint: Keep it short, to the point and I am easily amused. CDATA and encrypted/binary data
Recently I was asked about using a CDATA section to transport encrypted data and quickly answered that is was fine to do this but I failed to qualify this answer. In most cases, encrypted data is simply binary data. CDATA sections are used to escape text containing characters that may be recognized as XML markup, so naturally many people believe that binary data could directly be used as content within a CDATA section. This is where the problem begins...
CDATA can contain almost any characters except the sequence "]]>", which indicates the end of the CDATA section. So what happens if binary data containing this character sequence is placed within a CDATA section? The answer is quite simple. You no longer have well formed XML. Although the chances of this happening might be slim, an application using this approach that may have worked for a long time may all of a sudden be unable to process a document and its off to debug land trying to find out the issue. So how can this potential headache be avoided? Continue reading "CDATA and encrypted/binary data" Sunday, April 16. 2006PHP Quebec 2006
Having attended this conference for the past 2 years, I finally decided to do some presentations. Other than a minor glitch with my battery running out halfway through my first presentation (note to self - always remember to plug in the laptop), my workshop, Advanced XML and Web Services in PHP, went very well. I wish I could say the same for the presentation on the following day: XML Encryption and Authentication. After I couldnt get my laptop hooked into the AV equipment, I finally switched to a different laptop. First, the slides got corrupted when copying them to my flash drive and the exisitng ones were missing the last few slides. To top it off, I am familiar with using Impress (my latop ran linux) and the one I ended up using had MS Powerpoint (the right mought button sure doesnt do the same thing for these programs) and I continually kept having a stupid pop up appearing on the screen. The slides without the commentary don't do the presentations justice, but should at least give everyone an idea of the subject matter. [. . .]
Continue reading "PHP Quebec 2006" Finally Blogging
Today I finally got my own blog up and running - something I've been meaning to do for quite some time now. No longer will my posts need to deliver by others, like Christian Stocker (thanks by the way). The focus will be on XML and PHP, but as the name implies virtual anything goes.
Things still look a little bleak here, so stayed tuned for more to come.
« previous page
(Page 3 of 3, totaling 27 entries)
|