Implementing security routines with zf2


1. Implementing Security Routines with Zend Framework 2, by Er Galvão Abbott
   www.galvao.eti.br
   Topics: Authentication; Brute-Force; Password Recovery; Cryptography; Authorization; Filter & Validation.
   CC Attribution-ShareAlike 3.0 Unported License by Er Galvão Abbott - 11/8/14

2. Who?!
   Er Galvão Abbott is the President of ABRAPHP (Brazilian Association of PHP Professionals) and Director of PHP Conference Brasil.
   Has worked for 20 years developing web-interfaced systems and applications, 15 of those with PHP and 7 with Zend Framework. Has worked with several companies, both local and off-shore.
   Speaks at events, teaches both on-site and on-line courses, and is the founder and leader of the PHPBR UG, a national User Group with more than 1.200 registered users.
   Site: http://www.galvao.eti.br/
   Twitter: @galvao
   Slides and Documents: http://slideshare.net/ergalvao and https://speakerdeck.com/galvao
   Github: http://github.com/galvao

3. Goal
   Discuss, in both conceptual and technical detail, how to implement Security Routines with Zend Framework 2.
   I'll present the following topics: Authentication; Brute-force protection; Password recovery; Cryptography; Authorization; Data Filtering and Validation.

4. Before we begin
   Security != a piece of cake*
   Why? Because, for example, I'm required to tell you this:
   * Not the framework (Hilarious!)

5. Before we begin: Disclaimer (or the "Not my fault" part)
   $this is... !Perfect|Complete, !Fool proof, !The only|right way.
   Found an example of why? Let me know!

6. Authentication

7-8. Authentication: ZfcUser, right?!
   YES! Well...

9-10. Authentication: Let's talk about wheels...
   If you don't [want to] know much about security: http://modules.zendframework.com/ZF-Commons/ZfcUser
   If you do: Authentication, Crypt, Filter, Form

11. Authentication: Now that we've put that aside...
   Authentication Service*
   Cryptography (can also be a) Service*
   Authentication attempts Event*
   * Yes, yes, it could be done as a Module, Plugin, etc... -.-

12. Authentication: Show me the code!

13. Code: Authentication & Cryptography

25. Authorization
   ... < Dynamic storage;
   3. Ideally, the role of the current user should be fetched dynamically...
   4. and a user's role should be immutable.

26. Authorization: Zend\Permissions\Acl

27. Filter / Validation

28-30. Filter / Validation: a few not-so-obvious things to consider
   1. Filter first, then Validate;
   2. Filtering changes data, back up raw data;
   3. White List whenever possible (Ideally? ALWAYS);
   4. K.I.S.S. (Keep It Simple, Stupid... ly beautiful people!)

31. Filter / Validation: flexibility in ZF2
   Filter & Validation can live in the form, in the model, or separated.

32. Filter / Validation: Show me the code!

33. Code: Filter & Validation
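The slide-11 split (an authentication service, a cryptography service, an event per authentication attempt) as an added example; this is not the deck's code, the `AuthenticationService` class and event names are hypothetical, the user map is constructed, and a Composer install of ZF2 is assumed for `vendor/autoload.php`. The brute-force policy is a listener on the attempt events, so the service itself never knows about lockouts.

```php
<?php
require 'vendor/autoload.php'; // assumes a Composer install of Zend Framework 2
use Zend\Crypt\Password\Bcrypt;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventInterface;

// Hypothetical service: verifies credentials through Zend\Crypt and announces
// every attempt through events; brute-force policy lives in the listeners.
class AuthenticationService
{
    private $events, $bcrypt, $users; // $users: constructed username => bcrypt hash map

    public function __construct(EventManager $events, Bcrypt $bcrypt, array $users)
    {
        $this->events = $events;
        $this->bcrypt = $bcrypt;
        $this->users  = $users;
    }

    public function authenticate($username, $password)
    {
        // A listener may stop this event to veto the attempt before any password check.
        $pre = $this->events->trigger('authenticate.pre', $this, array('username' => $username));
        if ($pre->stopped()) {
            return false;
        }
        $ok = isset($this->users[$username]) && $this->bcrypt->verify($password, $this->users[$username]);
        $this->events->trigger('authenticate.post', $this, array('username' => $username, 'success' => $ok));
        return $ok;
    }
}

// Brute-force listeners: failures per username, in memory here; a real deployment
// keeps them in a shared store (database, cache) so they survive across requests.
$failures = array();
$events   = new EventManager();
$events->attach('authenticate.pre', function (EventInterface $e) use (&$failures) {
    $user = $e->getParam('username');
    if (isset($failures[$user]) && $failures[$user] >= 5) {
        $e->stopPropagation(true); // locked out after 5 consecutive failures
    }
});
$events->attach('authenticate.post', function (EventInterface $e) use (&$failures) {
    $user = $e->getParam('username');
    $failures[$user] = $e->getParam('success') ? 0 : (isset($failures[$user]) ? $failures[$user] + 1 : 1);
});

$bcrypt  = new Bcrypt(array('cost' => 10));
$service = new AuthenticationService($events, $bcrypt, array('alice' => $bcrypt->create('correct horse')));
var_dump($service->authenticate('alice', 'wrong'), $service->authenticate('alice', 'correct horse'));
```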
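Slides 25 and 26 (roles and rules in dynamic storage, the current user's role fetched from the identity and immutable) as an added example using Zend\Permissions\Acl; this is not the deck's code, the `$roleRows`/`$ruleRows` arrays stand in for database rows, and the `Identity` class is hypothetical.

```php
<?php
require 'vendor/autoload.php'; // assumes a Composer install of Zend Framework 2
use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole;
use Zend\Permissions\Acl\Resource\GenericResource;

// Constructed stand-ins for rows read from a roles table and a rules table
// ("dynamic storage"): nothing about who may do what is hard-coded below.
$roleRows = array(
    array('name' => 'guest',  'parent' => null),
    array('name' => 'member', 'parent' => 'guest'),
    array('name' => 'editor', 'parent' => 'member'),
);
$ruleRows = array(
    array('role' => 'guest',  'resource' => 'article', 'privilege' => 'view'),
    array('role' => 'member', 'resource' => 'article', 'privilege' => 'comment'),
    array('role' => 'editor', 'resource' => 'article', 'privilege' => 'edit'),
);

function buildAcl(array $roleRows, array $ruleRows)
{
    $acl = new Acl(); // default policy: everything is denied unless allowed below
    $acl->addResource(new GenericResource('article'));
    foreach ($roleRows as $row) {      // parents must be registered before children
        $acl->addRole(new GenericRole($row['name']), $row['parent']);
    }
    foreach ($ruleRows as $row) {
        $acl->allow($row['role'], $row['resource'], $row['privilege']);
    }
    return $acl;
}

// Hypothetical identity: the role is set once, from the authenticated user's
// record, and there is no setter, so it cannot be changed during the request.
final class Identity
{
    private $username, $role;
    public function __construct($username, $role)
    {
        $this->username = $username;
        $this->role     = $role;
    }
    public function getRole() { return $this->role; }
}

$acl      = buildAcl($roleRows, $ruleRows);
$identity = new Identity('alice', 'member'); // constructed; normally from the auth service
foreach (array('view', 'comment', 'edit') as $privilege) {
    $allowed = $acl->isAllowed($identity->getRole(), 'article', $privilege);
    printf("%s may %s article: %s\n", $identity->getRole(), $privilege, $allowed ? 'yes' : 'no');
}
```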
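The four Filter / Validation rules from slides 28-30 in one Zend\InputFilter definition, as an added example rather than the deck's own code; the input names, the role whitelist and the request data are constructed, and a Composer install of ZF2 is assumed.

```php
<?php
require 'vendor/autoload.php'; // assumes a Composer install of Zend Framework 2
use Zend\InputFilter\InputFilter;
use Zend\Validator\InArray;

$inputFilter = new InputFilter();

// "Filter first, then Validate": for each input the filter chain runs before
// the validator chain, so validators only ever see normalised data.
$inputFilter->add(array(
    'name'       => 'email',
    'required'   => true,
    'filters'    => array(
        array('name' => 'StringTrim'),
        array('name' => 'StringToLower'),
    ),
    'validators' => array(
        array('name' => 'EmailAddress'),
    ),
));

// "White List whenever possible": a role is accepted only if it is one of the
// known values, compared strictly; anything else is rejected, not "cleaned up".
$inputFilter->add(array(
    'name'       => 'role',
    'required'   => true,
    'filters'    => array(array('name' => 'StringTrim')),
    'validators' => array(
        array(
            'name'    => 'InArray',
            'options' => array(
                'haystack' => array('guest', 'member', 'editor'),
                'strict'   => InArray::COMPARE_STRICT,
            ),
        ),
    ),
));

// Constructed request data standing in for $_POST.
$inputFilter->setData(array('email' => '  Alice@Example.COM ', 'role' => 'admin'));
if ($inputFilter->isValid()) {
    $clean = $inputFilter->getValues();    // filtered and validated values only
} else {
    $errors = $inputFilter->getMessages(); // per-input validation messages
}

// "Filtering changes data, back up raw data": the untouched input is still
// available from the same object, e.g. for logging the rejected submission.
$raw = $inputFilter->getRawValues();
```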