[OWASP_PHPSEC] Daily Report - 23 July, 2013
abiusx at owasp.org
Wed Jul 24 12:20:21 UTC 2013
Congrats on ur exam.
The approach with the log lib is not what we're looking for.
We need something simple, flexible and scalable, no config files and 20 lines of initiating the library before using it.
We don't want PHPSEC to be yet another ESAPI, with all the bloat that made it drown. Make everything as simple and working as possible. If somebody needs more features, either they will expand it or they will ask us to make a more thorough version.
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
On Mordad 2, 1392, at 12:12 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> Hello All,
> So as you all know, I tool leave for sunday and monday. Now I am back. You would be glad to know that I have passed my test. Tomorrow (Tuesday) I am having an HR round and possibly after that I will have technical rounds.
> Before my report, please add me in the contributor list. I am not able to push my codes.
> So here's my tuesday report.
> Today I worked on the "logs" library. I added support for storing logs in files and in DB.
> I also created a template that makes user define in what format they want their logs to be stored in.
> Our logs work like this:
> You create an instance of log and then you pass it a configuration file. From that configuration file, the logger will collect all the settings and do all the necessary works. This conf file will contain the type of storing mode such as Db, file etc. It will also tell table name, filename, which mode to open file in etc etc. Once this has been done, the developer can call the log function to store their logs using logger->log("mylogmessage"); They can also specify additional details such as file where the error was generated, type of error, priority of error etc.
> With our logs library, the developers can also make their own template if they would like to store additional data such as which class generated the error. To do this, they would just have to make minor changes in code.
> Currently the configuration file just supports arrays. Later I will add XML support also.
> Since I am not familiar with XML, I am reading it now. once I do this, then we can also store logs in XML format (if desired). Abbas also told me to store logs in syslogs....I do not know what that is...so I have to read it...that might take time....I am also working on functions such as mailing of important logs to admins.....and searching for 1 or multiple entries in logs.
> Rahul Chaudhary
> Ph - 412-519-9634
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP_PHP_Security_Project