Monthly Archives: November 2015

Defending against Click-jacking and UI redress attacks in PHP and HTML

Below is a small snippet showing how you can defend against click-jacking and UI redress attacks using the X-Frame-Options response header for browsers that support it. It also has CSS and JavaScript that block the page from being shown unless it is the top page. If you’re not familiar with click-jacking, the attacker basically embeds an invisible layer on top of the visible layer of a webpage. This invisible layer takes the user’s clicks and entered information and can do malicious things with them. They could have you enter information into an input box that is one layer above the actual input box, making you follow someone on Twitter, like a Facebook page, click a Google ad, etc.
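The defence described above, written out as an added example (this is not the original post’s snippet). The function name `send_antiframing_headers()`, the element id `antiClickjack` and the form action are illustrative, and the `frame-ancestors` header goes beyond what the post mentions.

```php
<?php
// Added example; send_antiframing_headers() is a hypothetical helper name.

/**
 * Emit anti-framing headers. Must run before any output is sent.
 * $policy: 'DENY' (never framed) or 'SAMEORIGIN' (same-origin framing only).
 */
function send_antiframing_headers(string $policy = 'DENY'): void
{
    if (!in_array($policy, ['DENY', 'SAMEORIGIN'], true)) {
        throw new InvalidArgumentException('Unsupported X-Frame-Options value');
    }
    if (headers_sent($file, $line)) {
        // A silently dropped header leaves the page frameable, so fail loudly.
        throw new RuntimeException("Output already started at $file:$line");
    }
    header('X-Frame-Options: ' . $policy);
    // Not in the original post: the CSP directive with the same effect.
    // Appended (replace = false) so an existing CSP header is not overwritten.
    $ancestors = $policy === 'DENY' ? "'none'" : "'self'";
    header("Content-Security-Policy: frame-ancestors $ancestors", false);
}

send_antiframing_headers('DENY');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Protected page</title>
<!-- Fallback for browsers that ignore the headers: hide everything by default -->
<style id="antiClickjack">html { display: none !important; }</style>
<script>
  if (self === top) {
    // Top-level window: remove the hiding style so the page is shown.
    var guard = document.getElementById('antiClickjack');
    guard.parentNode.removeChild(guard);
  } else {
    // Framed: try to break out. If that is blocked, the page stays hidden.
    top.location = self.location;
  }
</script>
</head>
<body>
<form method="post" action="/account/update">
  <!-- sensitive controls go here -->
</form>
</body>
</html>
```

The CSS/JavaScript fallback fails closed: with scripting disabled, or inside a frame that blocks navigation of the top window, the page stays hidden.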

Compiling PHP extensions on IBM i / PASE / AIX

This is a post for Andy Youens and anyone looking to compile PHP extensions on IBM i. The first thing I would do is get GCC on the IBM i by following Tony’s guide here: http://yips.idevcloud.com/wiki/index.php/PASE/GCC . GCC is the compiler system that can take a PHP extension’s source code, which is written in C, and compile it into an .so file that can be added via php.ini. In Andy’s case he wants xdebug, and you can get the latest source code here: http://xdebug.org/files/xdebug-2.3.3.tgz . Or find other versions here: http://xdebug.org/download.php .

Compile Script

Why can’t we just use any old binary? 

The source code has to be compiled for the processor and the operating system you’re running it on. In the case of IBM i, the PASE environment is basically AIX (IBM’s flavor of UNIX) and it runs on IBM’s Power processor.

Binary compiled for PHP 7.1

https://github.com/phpdave/DataDump/raw/master/xdebug.so

Further reading if you need more information to get started:

http://files.zend.com/help/Zend-Server-5.6-Cluster-Manager/content/compiling_php_extensions.htm