Web application developer, database administrator, project lead in a variety of enterprise apps and now article author. Interested in database design and optimization. Amazed by and involved in distributed systems development. Cryptography and information security fan.

Miguel's articles

  1. Using Guzzle with Twitter via Oauth

    In a previous article, we found out about Guzzle and how it can aid us in the task of establishing communication with third-party APIs over HTTP. We used it to get the output of a random number generator and for basic interaction with GitHub’s API. It also offers a series of ‘subscribers’, log-subscriber being one of them, which showed us how easy it was to integrate monolog into it.

    While interacting with GitHub’s API we discovered that it supports basic authentication (sending plain username/password). But what if the API we want to use only offers OAuth authentication?

    Guzzle’s OAuth

    Implementing OAuth from scratch can be a hard and time-consuming task, and would be like reinventing the wheel… You could grab a third-party library to deal with OAuth requests, but why do that when Guzzle has its own OAuth subscriber? Yay!

    First of all, I have to make you aware that Guzzle has dropped support for PHP 5.3, so you’ll need PHP 5.4 to follow this exercise. The installation instructions from the previous article have changed a little bit, yet Composer makes our lives a lot easier.

    Our goal is to interact with the Twitter API and get our own timeline for whichever purpose we need. We’ll begin with our composer.json file:

  2. Risks and Challenges of Password Hashing

    In a past article, password hashing was discussed as a way to securely store user credentials in an application. Security is always a very controversial topic, much like politics and religion, where many points of view exist and a ‘perfect solution’ for someone is not the same for others. In my opinion, breaking an application’s security measures is just a matter of time. With computer power and complexity increasing every day, today’s secure applications will not be so secure tomorrow.

    For our readers who are not familiar with what a hash algorithm is, it’s nothing more than a one-way function that maps data of variable length to data of fixed length. So if we analyze the above definition, we need to understand the following requirements and characteristics of such algorithms:

    • One-way function: the output cannot be reversed using an efficient algorithm.
    • Maps data of variable length to data of fixed length: meaning that the input message space can be “infinite”, but the output space is not. This has the implication that 2 or more input messages can have the same hash. The smaller the output space, the greater the probability of a ‘collision’ between two input messages.

    md5 has confirmed practical collisions, and sha1’s probabilities for reaching a collision are growing every day (more information on collision probability can be found by analyzing the classic Birthday Problem), so if we need to apply a hashing algorithm, we should use the ones that have greater output space (and a negligible collision probability), such as sha256, sha512, whirlpool, etc…

    They are also called ‘pseudo-random functions’, meaning that the output of a hashing function should be indistinguishable from that of a true random number generator (or TRNG).

  3. Guzzle – PHP HTTP Client

    As you probably know, website development can be broken up into 2 main areas:

    • Front end (what the end user sees)
    • Back end (what the server has to do in order to provide the requested data)

    While front end development frequently uses several data sources to display a page, simple dynamic sites would only depend […]