On the Tighten.co blog there's a tutorial posted from Jake Bathman for the Laravel users out there covering the APP_KEY value - what it is and how its used in your application. A recent Laravel security update fixed an issue with how APP_KEY is used. For someone to exploit this issue, they'd need to have access to the production APP_KEY. The simplest fix for the exploit is to rotate (change) your APP_KEY. That led some of us at Tighten to ask the question: What does the app key do? What is involved in rotating it? What are best practices for managing these keys for our Laravel applications? In this post, we'll talk about what APP_KEY does and doesn't do, some common misconceptions about its relationship to user password hashing, and the simple steps to changing your APP_KEY safely without losing access to your data. Before diving in too deep, he reminds the reader about a security release Laravel recently made to correct an issue with APP_KEY handling (and the recommendation to rotate it). It then moves on to talk about what the setting is, how to generate a new one and its use in cookies. It also tries to dispel myths around: its use for password hashing (it's not) where it is used for encryption rotating the key multi-server use It also makes a recommendation of the process to use for currently encrypted data that was created using the previous APP_KEY value and how to re-encrypt.

Latest PECL Releases:base58 0.1.3 First PECL release. protobuf 3.7.0RC3 GA release. parallel 0.8.1 - fix gh#11 Future::value after Future::select hangs redis 4.3.0RC1 phpredis 4.3.0RC1 This is probably the latest release with PHP 5 suport!!! Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko) RedisArray auth [b5549cff] (Pavlo Yatsukhnenko) Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko) Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder) Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder) Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko) Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko) Xgroup updates [15995c06] (Michael Grunder) RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko) Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko) Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko) Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko) Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius) Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko) Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko) Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp) Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder) Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko) Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko) Masters info leakfix [91bd7426] (Michael Grunder) Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko) Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko) Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee) Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder) datadog_trace 0.13.4 Special thanks to @stayallive for helping us debugging the memory issues in his environment! His help and guidance were of paramount importance. Fixed Accessing freed memory when instrumentation code un/instrumented itself #314 Freeing $this object prematurely in PHP-FPM VM #317 redis 4.2.1RC1 phpredis 4.2.1RC1 This is probably the latest release with PHP 5 suport!!! Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko) RedisArray auth [b5549cff] (Pavlo Yatsukhnenko) Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko) Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder) Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder) Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko) Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko) Xgroup updates [15995c06] (Michael Grunder) RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko) Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko) Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko) Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko) Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius) Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko) Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko) Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp) Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder) Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko) Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko) Masters info leakfix [91bd7426] (Michael Grunder) Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko) Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko) Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee) Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder) pdo_sqlsrv 5.6.0 [Added] - Added support for PHP 7.3 - Added support for Linux SUSE 15, Ubuntu 18.10 and mac OS Mojave - Feature Request [#415](https://github.com/Microsoft/msphpsql/pull/886) - new options at connection and statement levels for both drivers for formatting decimal values in the fetched results - Added support for Azure AD Access Token (in Linux / macOS this requires [MS ODBC Driver 17+](https://docs.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server) and [unixODBC](http://www.unixodbc.org/) 2.3.6+) - Added support for Authentication with Azure Active Directory using Managed Identity for Azure Resources (requires [MS ODBC Driver 17.3+](https://docs.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server)) - Feature Request [#842](https://github.com/Microsoft/msphpsql/pull/842) - new PDO_STMT_OPTION_FETCHES_DATETIME_TYPE flag for pdo_sqlsrv to return datetime as objects [Removed] - Dropped support for Linux Ubuntu 17.10 and mac OS El Capitan - Dropped support for PHP 7.0 - [Version 5.3](https://docs.microsoft.com/sql/connect/php/system-requirements-for-the-php-sql-driver?view=sql-server-2017) is the last to support PHP 7.0. [Fixed] - Issue [#434](https://github.com/Microsoft/msphpsql/issues/434) - To avoid possible crashes, before freeing stmt in the destructor check if its dbh driver data is NULL - Pull Request [#833](https://github.com/Microsoft/msphpsql/pull/833) - Streamlined the error handling to remove a potential cause of crash - Pull Request [#836](https://github.com/Microsoft/msphpsql/pull/836) - Modified the config files to enable Spectre Mitigations (use /Qspectre switch) for PHP 7.2 (see related Request [#878](https://github.com/Microsoft/msphpsql/pull/878)) - Pull Request [#854](https://github.com/Microsoft/msphpsql/pull/854) - Clear Azure Key Vault data after connection attributes are successfully set or when exception is thrown - Pull Request [#855](https://github.com/Microsoft/msphpsql/pull/855) - Improved performance by saving meta data before fetching and skipping unnecessary conversions for numeric data - Pull Request [#865](https://github.com/Microsoft/msphpsql/pull/865) - Corrected the way SQLPutData and SQLParamData are used when sending stream data to the server - Pull Request [#878](https://github.com/Microsoft/msphpsql/pull/878) - Modified the config files to enable Spectre Mitigations for PHP 7.1 (see related Request [#836](https://github.com/Microsoft/msphpsql/pull/836)) - Pull Request [#891](https://github.com/Microsoft/msphpsql/pull/891) - Improved performance of Unicode conversions - Pull Request [#892](https://github.com/Microsoft/msphpsql/pull/892) - Removed warning messages while compiling extensions - Pull Request [#904](https://github.com/Microsoft/msphpsql/pull/904) - Enabled compiling extensions statically into PHP - Pull Request [#907](https://github.com/Microsoft/msphpsql/pull/907) - Initialized output param buffer when allocating extra space - Pull Request [#919](https://github.com/Microsoft/msphpsql/pull/919) - Initialized a boolean variable before passing it by reference into a function that will modify its value [Limitations] - No support for inout / output params when using sql_variant type - No support for inout / output params when formatting decimal values - In Linux and macOS, setlocale() only takes effect if it is invoked before the first connection. Attempting to set the locale after connecting will not work - Always Encrypted requires [MS ODBC Driver 17+](https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017) - Only Windows Certificate Store and Azure Key Vault are supported. Custom Keystores are not yet supported - Issue [#716](https://github.com/Microsoft/msphpsql/issues/716) - With Always Encrypted enabled, named parameters in subqueries are not supported - [Always Encrypted limitations](https://docs.microsoft.com/en-us/sql/connect/php/using-always-encrypted-php-drivers?view=sql-server-2017#limitations-of-the-php-drivers-when-using-always-encrypted) [Known Issues] - Connection pooling on Linux or macOS is not recommended with [unixODBC](http://www.unixodbc.org/) < 2.3.7 - When pooling is enabled in Linux or macOS - unixODBC <= 2.3.4 (Linux and macOS) might not return proper diagnostic information, such as error messages, warnings and informative messages - due to this unixODBC bug, fetch large data (such as xml, binary) as streams as a workaround. See the examples [here](https://github.com/Microsoft/msphpsql/wiki/Features#pooling) - With ColumnEncryption enabled, calling stored procedure with XML parameter does not work (Issue [#674](https://github.com/Microsoft/msphpsql/issues/674)) - In SUSE 15, Azure Active Directory connections may fail if PHP is installed from packages (Issue [#934](https://github.com/Microsoft/msphpsql/issues/934)) sqlsrv 5.6.0 [Added] - Added support for PHP 7.3 - Added support for Linux SUSE 15, Ubuntu 18.10 and mac OS Mojave - Feature Request [#415](https://github.com/Microsoft/msphpsql/pull/886) - new options at connection and statement levels for both drivers for formatting decimal values in the fetched results - Added support for Azure AD Access Token (in Linux / macOS this requires [MS ODBC Driver 17+](https://docs.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server) and [unixODBC](http://www.unixodbc.org/) 2.3.6+) - Added support for Authentication with Azure Active Directory using Managed Identity for Azure Resources (requires [MS ODBC Driver 17.3+](https://docs.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server)) - Feature Request [#844](https://github.com/Microsoft/msphpsql/pull/844) - add ReturnDatesAsStrings option to statement level for sqlsrv [Removed] - Dropped support for Linux Ubuntu 17.10 and mac OS El Capitan - Dropped support for PHP 7.0 - [Version 5.3](https://docs.microsoft.com/sql/connect/php/system-requirements-for-the-php-sql-driver?view=sql-server-2017) is the last to support PHP 7.0. [Fixed] - Pull Request [#833](https://github.com/Microsoft/msphpsql/pull/833) - Streamlined the error handling to remove a potential cause of crash - Pull Request [#836](https://github.com/Microsoft/msphpsql/pull/836) - Modified the config files to enable Spectre Mitigations (use /Qspectre switch) for PHP 7.2 (see related Request [#878](https://github.com/Microsoft/msphpsql/pull/878)) - Pull Request [#854](https://github.com/Microsoft/msphpsql/pull/854) - Clear Azure Key Vault data after connection attributes are successfully set or when exception is thrown - Pull Request [#855](https://github.com/Microsoft/msphpsql/pull/855) - Improved performance by saving meta data before fetching and skipping unnecessary conversions for numeric data - Pull Request [#865](https://github.com/Microsoft/msphpsql/pull/865) - Corrected the way SQLPutData and SQLParamData are used when sending stream data to the server - Pull Request [#878](https://github.com/Microsoft/msphpsql/pull/878) - Modified the config files to enable Spectre Mitigations for PHP 7.1 (see related Request [#836](https://github.com/Microsoft/msphpsql/pull/836)) - Pull Request [#891](https://github.com/Microsoft/msphpsql/pull/891) - Improved performance of Unicode conversions - Pull Request [#892](https://github.com/Microsoft/msphpsql/pull/892) - Removed warning messages while compiling extensions - Pull Request [#904](https://github.com/Microsoft/msphpsql/pull/904) - Enabled compiling extensions statically into PHP - Pull Request [#907](https://github.com/Microsoft/msphpsql/pull/907) - Initialized output param buffer when allocating extra space - Pull Request [#919](https://github.com/Microsoft/msphpsql/pull/919) - Initialized a boolean variable before passing it by reference into a function that will modify its value [Limitations] - No support for inout / output params when using sql_variant type - No support for inout / output params when formatting decimal values - In Linux and macOS, setlocale() only takes effect if it is invoked before the first connection. Attempting to set the locale after connecting will not work - Always Encrypted requires [MS ODBC Driver 17+](https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017) - Only Windows Certificate Store and Azure Key Vault are supported. Custom Keystores are not yet supported - Issue [#716](https://github.com/Microsoft/msphpsql/issues/716) - With Always Encrypted enabled, named parameters in subqueries are not supported - [Always Encrypted limitations](https://docs.microsoft.com/en-us/sql/connect/php/using-always-encrypted-php-drivers?view=sql-server-2017#limitations-of-the-php-drivers-when-using-always-encrypted) [Known Issues] - Connection pooling on Linux or macOS is not recommended with [unixODBC](http://www.unixodbc.org/) < 2.3.7 - When pooling is enabled in Linux or macOS - unixODBC <= 2.3.4 (Linux and macOS) might not return proper diagnostic information, such as error messages, warnings and informative messages - due to this unixODBC bug, fetch large data (such as xml, binary) as streams as a workaround. See the examples [here](https://github.com/Microsoft/msphpsql/wiki/Features#pooling) - With ColumnEncryption enabled, calling stored procedure with XML parameter does not work (Issue [#674](https://github.com/Microsoft/msphpsql/issues/674)) - In SUSE 15, Azure Active Directory connections may fail if PHP is installed from packages (Issue [#934](https://github.com/Microsoft/msphpsql/issues/934)) libsodium 2.0.21 - Detached signature strings were not properly terminated. This has been fixed. apcu_bc 1.0.5 - fix skipif.inc path in test suite - remove APCU version from phpinfo - remove Build date from phpinfo win32service 0.4.0 * Add win32_send_custom_control, win32_set_service_exit_mode and win32_set_service_exit_code functions. * Add severals constants. * Add many configuration option for win32_create_service function. The binary is also available here: https://github.com/win32service/win32service/releases/tag/v0.4.0 datadog_trace 0.13.3 ### Fixed - 7.x handling of `$this` pointer passed to the closure causing errors in PHP VM #311 datadog_trace 0.13.2 ### Added - Optional extension .so files compiled with "-g" flag #306 - Log backtrace on segmentation fault, enabled via ddtrace.log_backtrace=1 #300 Fixed Auto-instrumentation when user's autoloader throws exception on not found #305

Improve your rankings & drive more traffic with these data-backed SEO tips. From old white hat faves to 2021 trends, get all the SEO dos you need in one place. The post 21 SEO Tactics To Boost Rankings And Traffic first appeared on JUST(TM) Creative.

For designers working as either freelancers or employees, certain elements cannot be ignored, they enclose every aspect of their professional lives. Elements like logos create and give life to brands. Business cards and flyers promote abilities and information while invoices and quotations keep a record of the sales and other components that make a business...

If you ever delved into Flexbox as an alternative to the classic CSS box model, you probably don’t want to go back. The hitch is, that you need to deal with it in-depth, and who has enough time for that these days. Thus, we’re often stuck with old methods of getting things done, just because we know how to reach the goal using them. Let’s change that. Today, I’ll show you the project Flexbox Patterns as a quick introduction to Flexbox. Flexbox: Diving Deeper If you have the time, make sure to watch the free video tutorial on which I reported for the colleagues at t3n here. You’ll receive 160 minutes of essential knowledge. Flexbox Patterns: Landing Page We’ve already talked about Flexbox at Noupe here. In the article, we covered the topic of creating a responsive comment section with Flexbox. Flexbox Patterns Thankfully, the interface designer CJ Cenizal has also looked into Flexbox and started a collection of ready-to-use best practices on the website Flexbox Patterns. At the moment, there are only about a dozen of finished modules available. However, the project has just started out, and the available modules already cover the most important application cases. Example: Alternating […]

If you have ever pondered over the future of e-comemrce, this article will walk you through all the hot trends in e-commerce software development. The post E-Commerce Development Trends in 2022 appeared first on SCAND.

With Animate CC, Adobe finally sounded the bell to the end of Flash. While the renamed animation program still supports Flash, it has moved its main focus towards HTML5 and WebGL. Now, for each new project, you decide whether you want to create an animation via HTML5 canvas or WebGL. Animated SVGs with Animate CC were not possible until recently. The extension “Snap.SVG Animator” expands the Animate CC feature scope by this exact function. The Framework Snap.SVG Snap.SVG Allows Vector-Based SVG Animations Unique about Flash was always the fact that it brought vector-based graphics and animations to the browser. This was not possible with web standards. Apart from fonts, only pixel-based formats like JPEG and GIF were used. With the introduction of HTML5, the XML-based SVG format became increasingly popular as well, as it is vector-based and animatable, similar to Flash. This gives the SVG format a decisive advantage over HTML5 canvas, which only allows for pixel-based animations. Especially when zooming in, this format’s disadvantage in comparison to SVG becomes evident. As Animate CC is generally vector-based, it is logical to provide vector-based distribution formats. As SVG animations are realized via JavaScript beyond the CSS3 attributes “transition” and “animation”, there […]

Photos again? Of course, you need them all the time. Today, I’ve got a solid photo pack with 75 pictures of people reflecting touching moods for you. The Emotional People Photo Pack offers 75 completely [...]

Today we will be reviewing Sympli, a collaboration tool built specifically for designers and developers. So what exactly is Sympli? In a nutshell, Sympli allows designers and developers to easily collaborate on projects. The tool works with Photoshop, Sketch, Android Studio and Xcode. Let’s look at some of Sympli’s features, how it works, and why […] The post Sympli: Pixel Perfect Products Made Simply appeared first on Line25.

A "dark pattern" is a deceptive UX pattern that tricks users into doing things they may not really want to do. In this article, Alvaro Montoro does a little experiment to find out how much privacy is taken away from users across three different browsers.