SensioLabsOfficial (@SensioLabsOfficial@mastodon.social)
⏱️ One month to go until #APIPlatformCon25 🕸️
Can't wait to join the fantastic @ApiPlatform community in Lille on 18–19 Sept 🥳
🙌 Don't miss talks by Mathieu Santostefano & Imen Ezzine from the SensioLabs Tech Team
More info 👉 https://bit.ly/3JlOvST
#PHP #Symfony #community #event #APIPlatform
Show Original Post
Crell (@Crell@phpc.social)
Are you coming to Longhorn PHP in Austin this October?
You should, because I'll be blowing your mind about what PHP properties can do now. It's time to reimagine what PHP can do...
https://longhornphp.com/sessions#a-field-guide-to-phproperties
Get your tickets now, as the price goes up after this week.
Show Original Post
chris (@chris@social.uggs.io)
Meine Web-App zum verwalten meiner Stromzähler und kosten nimmt langsam Form an.
API für Home Assistant geht auch schon.
Next stop: Automatisches auslesen von Smart-Meter Leseköpfen!
#SelfHosted #SelfHosted #HomeAssistant #programming #php #power #costs #solution #linux
Show Original Post
jclermont (@jclermont@phpc.social)
I use the screenshot feature in macOS all the time. The default save-to-desktop behavior works for me most of the time, but I wanted to copy screenshots to the clipboard occasionally. Here are two ways to do it. #php #laravel https://masteringlaravel.io/daily/2025-08-18-how-to-selectively-copy-screenshots-to-the-clipboard-in-macos
Show Original Post
radwebhosting (@radwebhosting@mastodon.social)
How to Install Centmin Mod on #AlmaLinux #VPS (5 Minute Quick-Start Guide) Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it ...
Continued 👉 https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #centminmod #letsencrypt #csf #php
Show Original Post
admin (@admin@mastodon.raddemo.host)
Laravel vs Symfony: A Comprehensive Comparison of #PHP #Frameworks
This article provides a guide concerning #Laravel vs Symfony: a comprehensive comparison of PHP frameworks.
Laravel vs Symfony: A Comprehensive Comparison of PHP Frameworks
Laravel and #Symfony are two of the most popular PHP frameworks, widely used for building modern web applications. Both have strong communities, rich ecosystems, and are frequently chosen by ...
Continued 👉 https://blog.radwebhosting.com/laravel-vs-symfony-a-comprehensive-comparison-of-php-frameworks/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #websitedevelopment
Show Original Post
julian (@julian@phpc.social)
The Strangler Fig Pattern is a progressive migration strategy. This article demostrates its many advantages over rewriting the code from scratch
#PHP
https://getlaminas.org/blog/2025-08-06-strangler-fig-pattern.html
Show Original Post
nyamsprod (@nyamsprod@phpc.social)
I usually hate traits but I hate even more the PHP error control operator so I made this trait #PHP #trait
Show Original Post
beberlei (@beberlei@phpc.social)
Just published: My article on PHP Best Practices in Production is in the latest PHP magazin (in German)!
It covers:
- Performance and deployment tips
- Monitoring and error handling
- Common real-world mistakes to avoid
Read the full article: https://entwickler.de/php/produktiver-einsatz-php-best-practices
#PHP #WebPerformance #DevOps #Monitoring #Observability #Tideways #SoftwareEngineering #EntwicklerMagazin
Show Original Post
reynardsec (@reynardsec@infosec.exchange)
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
ItSec (walking by): ... and BAC?
dev0: BAC?
ItSec: Broken Access Control [1]. Did you actually test for it?
dev1: What's he on about this time?
Let's learn by example: imagine an endpoint that returns a specific invoice.
GET /api/invoices/123
Authorization: Bearer <token-for-user-A>
User A legitimately fetches invoice 123. Now change only the ID:
GET /api/invoices/124
Authorization: Bearer <token-for-user-A>
If the app returns 200 with User B's data, you've got Broken Access Control (aka IDOR).
Even worse, try a write operation:
PATCH /api/invoices/124
Authorization: Bearer <token-for-user-A>
{"status": "paid"}
If that works... it's a problem.
Access control enforces who can do what on which resource. When it's broken, attackers can act outside their permissions: read others data, modify or delete it, or trigger business functions they shouldn't. In practice, this often comes from missing server-side checks that tie the caller to the resource owner (or an allowed role).
Why your shiny scanners may have missed it:
1) SAST sees code patterns, not ownership semantics (it can't deduce "invoice 124 belongs to User B").
2) DAST usually crawls with one session; it rarely performs cross-identity trials (User A poking at User B's data).
3) CI/CD "green checks" mean dependencies, images, and common vulns look fine - not that your authorization logic is correct.
What can you do?
1) Enforce checks on the server (never rely on the client): before every read/update/delete, verify the caller is the owner or has a permitted role.
2) Centralize authorization in a service/middleware.
3) Prefer opaque, unguessable IDs (UUIDs) over sequential integers, but still enforce server checks (UUIDs are not security).
4) Deny by default. Make allow-lists explicit.
[1] https://owasp.org/Top10/A01_2021-Broken_Access_Control/#description
#webdev #cybersecurity #programming #java #php #nodejs #javascript
Show Original Post
decompwlj (@decompwlj@mathstodon.xyz)
A002837: Numbers k such that k^2 - k + 41 is prime
3D graph, threejs - webGL ➡️ https://decompwlj.com/3Dgraph/A002837.html
3D graph Gen, threejs animation ➡️ https://decompwlj.com/3DgraphGen/A002837.html
2D graph, first 500 terms ➡️ https://decompwlj.com/2Dgraph500terms/A002837.html
#decompwlj #math #mathematics #maths #sequence #OEIS #JavaScript #php #graph #3D #threejs #webGL #triangular #numbers #primes #PrimeNumbers #palindromes #animation #FundamentalTheoremOfArithmetic #sequences #NumberTheory #classification #integer #decomposition #number #theory #equation #graphs #sieve #fundamental #theorem #arithmetic #research
Show Original Post
decompwlj (@decompwlj@mathstodon.xyz)
My data have not been verified but my work is highly reproducible.
- Downloads (csv, img, dump) ➡️ https://decompwlj.com
- Algorithms ➡️ https://oeis.org/wiki/Decomposition_into_weight_*_level_%2B_jump#Algorithms
#decompwlj #math #mathematics #sequence #OEIS #javascript #php #numbers #PrimeNumbers #graph #downloads #algorithms #data #math #sieve
Show Original Post