Validate input using zend-validator

In our previous post, we covered zend-filter, The filters in zend-filter are generally used to pre-filter or normalize incoming data. This is all well and good, but we still don't know if the data is valid. That's where zend-validator comes in. Installatio ... (continue)

Filter input using zend-filter

When securing your website, the mantra is "Filter input, escape output." We previously covered escaping output with our post on zend-escaper. We're now going to turn to filtering input. Filtering input is rather complex, and spans a number of pra ... (continue)

Zend Framework and PHP 7.1

When we announced Zend Framework 3 last year, one of the changes was setting the minimum supported PHP version to 5.6. Our initial plan was to support 5.6 until it reaches end-of-life, which occurs 31 December 2018. PHP 5.6, however, stopped receiving acti ... (continue)

Leverage Zend Component Plugin Managers in Expressive

With the release of Expressive 2, one of the key stories was the ability to require ZF components within Expressive, and have their dependencies auto-wired into your application courtesy of the component installer. However, we recently had a user in our Sl ... (continue)

Context-specific escaping with zend-escaper

Security of your website is not just about mitigating and preventing things like SQL injection; it's also about protecting your users as they browse the site from things like cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and more. ... (continue)

Manage permissions with zend-permissions-acl

The last couple posts have been around authorization, the act of determining if a given identity has access to a resource. We covered usage of role based access controls, as well as middleware that uses an RBAC. In this post, we'll explore another option p ... (continue)

Authorize users using Middleware

In a previous post, we demonstrated how to authenticate a middleware application in PHP. In this post we will continue the discussion, showing how to manage authorizations. We will start from an authenticated user and demonstrate how to allow or disable ac ... (continue)

Community Corner: Discourse Forums!

For many years, we've had requests for dedicated Zend Framework forums. We've resisted doing so, and instead deferred to using mailing lists and Stack Overflow tags. However, these are imperfect: searching for questions and answers is often difficult if no ... (continue)

Manage permissions with zend-permissions-rbac

In our previous post, we covered authentication of a user via Expressive middleware. In that post, we indicated that we would later discuss authorization, which is the activity of checking if an authenticated user has permissions to perform a specific acti ... (continue)

Middleware authentication

Many web applications require restricting specific areas to authenticated users, and may further restrict specific actions to authorized user roles. Implementing authentication and authorization in a PHP application is often non-trivial as doing so require ... (continue)



Subscribe to this blog via RSS.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.