Tuesday, March 24, 2009

Installing CakePHP



Over the past few months I have been getting to grips with CakePHP, a rapid development framework written in PHP that uses the Model-View-Controller (MVC) software design pattern. If you are a PHP programmer then give this framework a try because, quite frankly, it's the bee's knees.

Although it has quite a steep learning curve, once you become familiar with the concepts it will improve your programming skills and get your database-driven websites up and running extremely quickly. This post is the first of many about CakePHP; my plan is to publish posts regularly that build on the Blog tutorial found in the manual.
Downloading and Installing CakePHP

Currently there are two versions of CakePHP available, 1.1 and 1.2. Version 1.2 is in a pre-beta stage with limited documentation, so I'm going to be dealing with the stable 1.1 release. Go to the download page and grab the 1.1 zip file. Extract the files to a folder in your local web server (read my previous post about setting one up); I've renamed the folder to "cakephp", and inside you will have a number of folders and files including "app", "cake", "docs", "vendors", ".htaccess" and "index.php".



One of the first things you should do when starting with CakePHP is read the manual, especially the first few chapters on the basic concepts and installation. It will help you get your head around everything, and although things may seem confusing at first, it does get easier.

I set CakePHP up to use the production setup right from the start; this makes everything easier when you need to upload your finished site. I do this by setting up a virtual host. The production layout also has a security benefit: the web server serves only "app/webroot", so the rest of the install, including "app/config" where the database credentials will live, is not reachable through the browser.
Setting up a Virtual Host

I'm running the excellent XAMPP web server and I use virtual hosts for developing all my websites. Open the Apache virtual host file (located at C:\server_directory\apache\conf\extra\httpd-vhosts.conf) and create a new host:

    <VirtualHost *:80>
        DocumentRoot C:/server/htdocs/cakephp/app/webroot
        ServerName cakephp:80
    </VirtualHost>



Don't forget to add "cakephp" to your hosts file (C:\windows\system32\drivers\etc\hosts), mapping it to 127.0.0.1. Restart your web server if it is already running, and you will be able to access your new installation of CakePHP by going to "http://cakephp" in your browser.
Mod_Rewrite

Just a quick note on mod_rewrite: if you have installed XAMPP as your local server, or use Apache on its own, it's best to enable mod_rewrite. Open the "httpd.conf" file located at "C:\server\apache\conf" and uncomment the following line by removing the '#' symbol:

    #LoadModule rewrite_module modules/mod_rewrite.so

so that it reads:

    LoadModule rewrite_module modules/mod_rewrite.so


There is more information on mod_rewrite in Section 5 of the "Installing CakePHP" part of the manual. Remember to restart Apache whenever you make a change like this.
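Putting the virtual host and the rewrite requirement together, here is a complete vhost definition as an added example (my own, not taken from the CakePHP manual or the XAMPP defaults). It assumes the same "C:/server/htdocs/cakephp" install path used above and an Apache 2.2-era XAMPP; the explicit "<Directory>" block is the part people usually miss, because without "AllowOverride All" Apache ignores the ".htaccess" files that carry CakePHP's rewrite rules, and the symptom is exactly the "no images or CSS" page described in the next section.

```apache
# Added example; paths are assumptions matching the install described above.
<VirtualHost *:80>
    ServerName cakephp
    # Serve only app/webroot: app/config (database.php) and app/tmp stay
    # outside the document root and cannot be fetched over HTTP.
    DocumentRoot "C:/server/htdocs/cakephp/app/webroot"

    <Directory "C:/server/htdocs/cakephp/app/webroot">
        # -Indexes: never list the directory if index.php goes missing.
        # FollowSymLinks is required by mod_rewrite for .htaccess rules.
        Options -Indexes +FollowSymLinks
        # Without this, CakePHP's .htaccess RewriteRules are silently ignored.
        AllowOverride All
        # Apache 2.2 syntax; on 2.4 use "Require all granted" instead.
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

The matching hosts file entry is a single line mapping "cakephp" to 127.0.0.1. After restarting Apache you can confirm the rewrite is active by requesting "http://cakephp/css/cake.generic.css" directly; if that works but the page is still unstyled, the problem is the virtual host path rather than mod_rewrite.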
Testing CakePHP in your Browser

If you have set everything up correctly you should see a CakePHP page when you go to "http://cakephp". If you are not seeing any images or CSS styling, make sure that mod_rewrite is enabled and that your virtual host points to the "/app/webroot" directory (with no trailing slash). The page tells you that you have not set up your database configuration file, so we will do that next.
Setting up the Database Connection

The database configuration file lives in "C:\server\htdocs\cakephp\app\config". Rename "database.php.default" to "database.php" and open it in your editor. Enter your database username, password and database name into the "$default" connection. If you have not yet created a database, open phpMyAdmin in a browser and create one; it doesn't really matter what you call it, but I've created one called "cakephp". Since "database.php" now holds live credentials, use a dedicated MySQL account that only has rights on that one database rather than the root account, and keep the file out of version control.

Reload "http://cakephp" in your browser; CakePHP will now find your database configuration file and connect to your database. Everything is looking good, and you now have a fresh install of CakePHP up and running on your local web server.

Monday, March 23, 2009

Microsoft to Release !exploitable Crash Analyzer as an Open Source Tool and more …

On Friday, March 20, Microsoft's Security Science team will release the !exploitable Crash Analyzer tool as an open source tool on CodePlex at CanSecWest in Vancouver, British Columbia. The tool will be available as a free download on the Microsoft Security Engineering Center (MSEC) Web site, http://www.microsoft.com/security/msec, later that day.

!exploitable Crash Analyzer is a Windows Debugger (WinDbg) extension that determines the uniqueness of crashes produced during development and testing, identifies those that have security implications, and rates how exploitable they are. For more information, including a fact sheet on the tool, please visit Press Pass, http://www.microsoft.com/presspass/newsroom/security/default.mspx.
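To make the two jobs the press release names concrete, deciding whether two crashes are the same bug and rating how exploitable a crash is, here is an added example in C written for this page; it is not Microsoft's code and only loosely mirrors the approach. It buckets constructed crash records by hashing the symbolised call stack (a "major" hash over the innermost five frames, a "minor" hash over the whole stack, with addresses deliberately left out so the bucket survives ASLR and rebuilds) and applies a handful of simplified rules to rate each crash. The crash records, the crash_t layout, the FNV-1a hash choice and the rule set are all assumptions chosen for illustration; the real extension has many more rules.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Microsoft's !exploitable code. Crash records, the
 * hash scheme and the rating rules are simplified assumptions. */

#define MAX_FRAMES  8
#define MAJOR_DEPTH 5   /* innermost frames folded into the "same bug" bucket */

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_t;

typedef enum {
    EXPLOITABLE, PROBABLY_EXPLOITABLE, PROBABLY_NOT_EXPLOITABLE, UNKNOWN
} rating_t;

typedef struct {
    const char *exception;          /* NT status name as the debugger shows it */
    access_t    access;             /* what the faulting instruction was doing */
    uint32_t    fault_address;      /* address it touched */
    int         nframes;
    const char *frames[MAX_FRAMES]; /* symbolised stack, innermost first */
} crash_t;

/* FNV-1a over the innermost `depth` frame symbols. Addresses are not hashed,
 * so the same bug reached by the same path hashes identically across runs,
 * rebuilt modules and ASLR layouts. */
uint32_t stack_hash(const crash_t *c, int depth)
{
    uint32_t h = 2166136261u;
    int n = c->nframes < depth ? c->nframes : depth;
    for (int i = 0; i < n; i++) {
        for (const char *p = c->frames[i]; *p; p++) {
            h ^= (unsigned char)*p;
            h *= 16777619u;
        }
        h ^= (unsigned char)'|';    /* frame separator */
        h *= 16777619u;
    }
    return h;
}

/* Simplified rating rules (assumption; the real tool has many more). */
rating_t rate_crash(const crash_t *c)
{
    /* A /GS cookie failure surfaces as STATUS_STACK_BUFFER_OVERRUN. */
    if (strcmp(c->exception, "STATUS_STACK_BUFFER_OVERRUN") == 0)
        return EXPLOITABLE;
    if (strcmp(c->exception, "STATUS_INTEGER_DIVIDE_BY_ZERO") == 0)
        return PROBABLY_NOT_EXPLOITABLE;
    if (strcmp(c->exception, "STATUS_ACCESS_VIOLATION") != 0)
        return UNKNOWN;
    if (c->access == ACC_EXEC)        /* instruction fetch from a bad address */
        return EXPLOITABLE;
    if (c->access == ACC_WRITE)       /* attacker-influenced write */
        return EXPLOITABLE;
    if (c->fault_address < 0x10000u)  /* read through a near-NULL pointer */
        return PROBABLY_NOT_EXPLOITABLE;
    return UNKNOWN;                   /* plain read AV: needs a human */
}

const char *rating_name(rating_t r)
{
    static const char *names[] = { "EXPLOITABLE", "PROBABLY_EXPLOITABLE",
                                   "PROBABLY_NOT_EXPLOITABLE", "UNKNOWN" };
    return names[r];
}

/* Constructed sample crashes (not real dumps). crash_a and crash_b are the
 * same write fault in the same five innermost frames, reached from different
 * callers, so they share a major hash but not a minor one; crash_c is a read
 * through a NULL-ish pointer. */
const crash_t crash_a = { "STATUS_ACCESS_VIOLATION", ACC_WRITE, 0x0badf00du, 6,
    { "msvcrt!memcpy", "app!parse_record", "app!handle_request",
      "app!dispatch", "app!server_loop", "app!main" } };
const crash_t crash_b = { "STATUS_ACCESS_VIOLATION", ACC_WRITE, 0x0c0ffee0u, 6,
    { "msvcrt!memcpy", "app!parse_record", "app!handle_request",
      "app!dispatch", "app!server_loop", "app!worker_thread" } };
const crash_t crash_c = { "STATUS_ACCESS_VIOLATION", ACC_READ, 0x00000010u, 3,
    { "app!lookup_session", "app!handle_request", "app!main" } };

int main(void)
{
    const crash_t *all[] = { &crash_a, &crash_b, &crash_c };
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("major=%08x minor=%08x %s\n",
               (unsigned)stack_hash(all[i], MAJOR_DEPTH),
               (unsigned)stack_hash(all[i], MAX_FRAMES),
               rating_name(rate_crash(all[i])));
    return 0;
}
```

The major/minor split is what makes triage of a large fuzzing run tractable: thousands of crash files collapse into a short list of major hashes, and the minor hash within a bucket tells you how many distinct paths reach the same fault. Note that the rating is only a first cut; a read access violation that the rules leave as UNKNOWN can still be fully exploitable once you look at what the faulting pointer feeds into.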

The Security Science group is part of Microsoft's Trustworthy Computing organization, focused on protecting its customers and the industry by improving the security of Microsoft products, services and platforms through applied security research. This group of elite researchers and developers tracks and provides early warnings for new exploits, develops more effective ways to find vulnerabilities and, using its internal research, integrates innovative exploit mitigation techniques and tools into Microsoft products and, in some cases, shares those tools with the broader industry.

Additionally, Trustworthy Computing will give two other presentations at the event focused on the Security Science team’s exploit mitigations, how they have been employed, why they were chosen, and how Microsoft systematically thinks about mitigations coverage.

About Enhanced GS

Enhanced GS is a mitigation designed to make it harder to exploit security vulnerabilities when they occur.

/GS (pronounced "slash GS") is the current buffer security check option of the Microsoft Visual C++ compiler. It detects common classes of stack buffer overruns by injecting a security cookie check into the functions it compiles: the cookie is stored between the local buffers and the saved return address on function entry and verified before the function returns. Enhanced GS is the enhanced version of /GS that improves stack buffer overflow mitigation by analyzing and helping protect more functions.

Enhanced GS performs deeper function analysis than /GS, identifying potential hazards more accurately and so making vulnerabilities harder to exploit when they occur. This enables protection to be deployed in the right places while reducing redundant checks.
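The press text says what the injected check achieves but not what it is, so here is an added C example, written for this page and not Microsoft's /GS implementation, that models a /GS-protected frame: a local buffer, the cookie stored just above it on entry, the saved return address above that, an unchecked copy into the buffer (the bug class /GS targets), and the epilogue comparison that trips when the overrun reaches the cookie. The frame layout, the fixed cookie value and the fake return address are assumptions made so the example is deterministic; a real cookie is per-process random (and on x86 XORed with the frame pointer), which the final case shows is the whole point.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Microsoft's /GS implementation. It models the frame
 * layout and the cookie check /GS injects; the cookie value, frame layout
 * and fake return address are assumptions. */

#define BUF_SIZE   16
#define OFF_BUF    0
#define OFF_COOKIE BUF_SIZE             /* cookie sits just above the buffer */
#define OFF_RET    (OFF_COOKIE + 4)     /* saved return address above that  */
#define FRAME_SIZE (OFF_RET + 4)

typedef uint32_t cookie_t;

/* Process-wide cookie (__security_cookie). Fixed here for determinism;
 * a real process draws it from entropy at startup. */
static const cookie_t g_security_cookie = 0xBB40E64Eu;

/* The simulated frame is one byte array so that "overflowing" buf into the
 * cookie and return address is well-defined C, unlike a real overflow. */
typedef struct { unsigned char bytes[FRAME_SIZE]; } frame_t;

typedef enum { GS_OK = 0, GS_COOKIE_CORRUPTED = 1 } gs_result_t;

/* Models a /GS-protected function with a 16-byte local buffer and an
 * unchecked memcpy of caller-supplied length. Prologue: store the cookie.
 * Body: vulnerable copy. Epilogue: recheck the cookie before returning.
 * The frame is copied to *out so callers can see what happened to the
 * return address. */
gs_result_t gs_protected_copy(const unsigned char *src, size_t len, frame_t *out)
{
    frame_t f;
    cookie_t cookie = g_security_cookie;
    uint32_t saved_ret = 0x00401000u;             /* fake caller address */

    memset(f.bytes, 0, sizeof f.bytes);
    memcpy(f.bytes + OFF_COOKIE, &cookie, sizeof cookie);   /* prologue */
    memcpy(f.bytes + OFF_RET, &saved_ret, sizeof saved_ret);

    if (len > FRAME_SIZE)       /* keeps the simulation itself in bounds; */
        len = FRAME_SIZE;       /* the modelled function has no such check */
    memcpy(f.bytes + OFF_BUF, src, len);                     /* the overrun */

    if (out) *out = f;

    /* Epilogue: what __security_check_cookie does before `ret`. */
    memcpy(&cookie, f.bytes + OFF_COOKIE, sizeof cookie);
    return cookie == g_security_cookie ? GS_OK : GS_COOKIE_CORRUPTED;
}

/* Reads back the saved return address from a captured frame. */
uint32_t frame_return_address(const frame_t *f)
{
    uint32_t ret;
    memcpy(&ret, f->bytes + OFF_RET, sizeof ret);
    return ret;
}

/* Builds a classic overflow payload: filler, the bytes that land on the
 * cookie, then a replacement return address. Returns the payload length. */
size_t build_payload(unsigned char *dst, cookie_t cookie_bytes, uint32_t new_ret)
{
    memset(dst + OFF_BUF, 'A', BUF_SIZE);
    memcpy(dst + OFF_COOKIE, &cookie_bytes, sizeof cookie_bytes);
    memcpy(dst + OFF_RET, &new_ret, sizeof new_ret);
    return FRAME_SIZE;
}

int main(void)
{
    unsigned char payload[FRAME_SIZE];
    frame_t f;
    size_t n;

    gs_protected_copy((const unsigned char *)"hello", 5, &f);
    printf("benign copy:            ret=%08x\n", (unsigned)frame_return_address(&f));

    n = build_payload(payload, 0x41414141u, 0xdeadbeefu);
    printf("overflow, blind cookie: %s ret=%08x\n",
           gs_protected_copy(payload, n, &f) == GS_OK ? "passed" : "CAUGHT",
           (unsigned)frame_return_address(&f));

    /* With a leaked cookie the attacker writes the right value back. */
    n = build_payload(payload, g_security_cookie, 0xdeadbeefu);
    printf("overflow, leaked cookie: %s ret=%08x\n",
           gs_protected_copy(payload, n, &f) == GS_OK ? "passed" : "CAUGHT",
           (unsigned)frame_return_address(&f));
    return 0;
}
```

Two caveats follow directly from the model. First, the check only fires if the overrun is contiguous and passes through the cookie; an out-of-bounds write that lands on another local (a pointer or a function-pointer struct member) without touching the cookie is not detected, which is why /GS also reorders locals so arrays sit above other variables, and why Enhanced GS widens which functions and local types are considered hazards. Second, which functions receive the check at all is decided by compiler heuristics; from Visual Studio 2005 SP1 onward "#pragma strict_gs_check(on)" forces it for a translation unit when you would rather not rely on them.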

Tool Release

Microsoft Corp. plans to release Enhanced GS to developers in Visual Studio 2010. In addition, Enhanced GS will be included in the Security Development Lifecycle after it is released with Visual Studio 2010.

Given that Enhanced GS is an update of the current compiler, anyone who receives the compiler update will get the new version, Enhanced GS.

Benefits

Microsoft and third-party developers will use this built-in mitigation whenever they build with Visual Studio 2010, and customers will benefit from more secure products. Products built with Enhanced GS will be less vulnerable to buffer overflows, as fewer stack overflow vulnerabilities will be exploitable.

Microsoft plans to release this mitigation with Visual Studio 2010, which means customers will see the benefit when the next wave of products comes out after Visual Studio 2010 is released.