Customize Content Blocks in Magento Layouts

The ‘View’ of Magento’s MVC implementation is divided into two parts: layout and template. A template represents an HTML block, while the layout defines where that block is placed on a web page. By defining layouts in XML, Magento provides great flexibility and reusability of design.

Layout is the tool with which you can assign content blocks to each structural block you create. Magento’s layout files are in the form of XML text-files and by modifying the layout you are able to move blocks around in a page and assign templates to the content blocks to produce markup for the structural blocks. In fact, with the help of a few layout files alone, you are able to modify the visual layout of every page in your store.

How Layout Works

Layout is comprised of the default layout and layout updates, both made up of easy-to-learn XML tags. With these layout commands you can modify or assign the relationships between content blocks and structural blocks, and also control store-front functionality such as loading and unloading block-specific JavaScript on a page.

Layout files are separated on a per-module basis, every module bringing its own layout file (for instance catalog.xml is the layout file for the catalog module, customer.xml is for the customer module, etc.).

These layout files are located in app/design/frontend/your_interface/your_theme/layout/ and each file is further separated into handles; each handle (with the exception of <default>) assigns its nested updates to one specific page in the store.

Some layout files contain the <default> handle. When parsing the layout files, Magento first collects the layout updates assigned in the <default> handle of almost all layout files, reading them in the order assigned in app/etc/modules/Mage_All.xml.

It then parses the page-specific layout update, completing the build of a store page. The system is built this way to allow seamless addition and removal of modules without affecting other modules in the system.

Layout XML

Layout XML files can be found in app/design/frontend/[package]/[theme]/layout. Each Magento module may define its own layout XML file in the config.xml file.

<frontend>
    <layout>
        <updates>
            <mymodule>
                <file>mymodule.xml</file>
            </mymodule>
        </updates>
    </layout>
</frontend>

Each layout XML file represents its own design update. For example, catalog navigation is part of the Mage_Catalog module, and Mage_Catalog defines a layout update file, catalog.xml, so the block for the catalog navigation and its location on the page are defined in catalog.xml.

Before the page is rendered, Magento loads all configured layout update files and their design updates to determine which block is to be rendered at which location.

Layout Handles

First-level child elements of the <layout> node are called layout handles. Each layout handle represents an update to the page layout. It may define new blocks to be included in a page at a specific location, or remove a specific block from the page. It may also define modifications to existing blocks already included in the page by other layout XML files.

After Magento loads all layout XML files, it determines which layout handles need to be processed. Normally, the layout handle is selected based on the controller action being executed. In most cases, Magento loads the layout handle with name: [module_front_name]_[controller_name]_[action_name].

For example, when the contact us page is requested, the index action of the index controller of Mage_Contacts is executed. The module front name of Mage_Contacts is contacts, so the layout handle processed for the contact us page is contacts_index_index.

For any page, Magento always processes the default layout handle, so the updates defined in the default handle are applied to every page regardless of which part of the site is being browsed.
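The handle selection and merge order described above, as an added Python example that is not part of the original article or of Magento itself: it parses a small constructed layout XML written in the Magento 1 style (with <default>, <contacts_index_index> and <catalog_product_view> handles), derives the page handle from the request the way the article states, and applies the <default> updates first and the page-specific ones second. Block names, template paths and the script path are invented for the example.

```python
import xml.etree.ElementTree as ET

# Constructed layout update file in the Magento 1 style; the names are invented for this example.
LAYOUT_XML = """<layout version="0.1.0">
  <default>
    <reference name="head">
      <action method="addJs"><script>example/default.js</script></action>
    </reference>
    <block type="core/template" name="example.footer" template="example/footer.phtml"/>
  </default>
  <contacts_index_index>
    <reference name="content">
      <block type="core/template" name="example.contact.banner" template="example/banner.phtml"/>
    </reference>
    <remove name="example.footer"/>
  </contacts_index_index>
  <catalog_product_view>
    <reference name="content">
      <block type="core/template" name="example.product.extra" template="example/extra.phtml"/>
    </reference>
  </catalog_product_view>
</layout>"""


def handle_for_request(module_front_name, controller, action):
    """Page handle name as the article describes it: [module_front_name]_[controller_name]_[action_name]."""
    return "%s_%s_%s" % (module_front_name, controller, action)


def handles_to_process(layout_root, page_handle):
    """<default> is always processed first; the page-specific handle follows if the file defines it."""
    defined = [child.tag for child in layout_root]
    selected = []
    if "default" in defined:
        selected.append("default")
    if page_handle != "default" and page_handle in defined:
        selected.append(page_handle)
    return selected


def apply_updates(layout_xml, page_handle):
    """Return the blocks (name -> template) and scripts left on the page after the selected handles run."""
    root = ET.fromstring(layout_xml)
    blocks = {}
    scripts = []
    for handle_name in handles_to_process(root, page_handle):
        handle = root.find(handle_name)
        for block in handle.iter("block"):
            blocks[block.get("name")] = block.get("template")
        for removal in handle.iter("remove"):
            blocks.pop(removal.get("name"), None)
        for action in handle.iter("action"):
            if action.get("method") == "addJs":
                scripts.append(action.findtext("script"))
    return {"handles": handles_to_process(root, page_handle), "blocks": blocks, "scripts": scripts}


if __name__ == "__main__":
    page = handle_for_request("contacts", "index", "index")
    print(page, apply_updates(LAYOUT_XML, page))
```

Because a <default> handle can add a script to every page of the store, layout XML shipped with a theme or extension deserves the same review as its PHP; the resolver above shows which handles actually contribute to a given page.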

Source: CodeWebber

An Introduction to PostgreSQL

MySQL is much more commonly provided by web hosts. PostgreSQL is a much more mature product. Apparently, MySQL is fast when concurrent access levels are low, and when there are many more reads than writes. On the other hand, it exhibits low scalability with increasing loads and write/read ratios.

PostgreSQL is relatively slow at low concurrency levels, but scales well with increasing load levels, while providing enough isolation between concurrent accesses to avoid slowdowns at high write/read ratios. It goes on to link to a number of performance comparisons because these things are very sensitive to conditions.

So if your deciding factor is “which is faster?”, then the answer is “it depends on the usage”. If it really matters, test your application against both.

And if you really, really care, you get in two DBAs (one who specializes in each database) and get them to tune the crap out of the databases, and then choose. It’s astonishing how expensive good DBAs are, and they are worth every cent.

When it matters.

Which it probably doesn’t, so just pick whichever database you like the sound of and go with it; better performance can be bought with more RAM and CPU, and more appropriate database design, and clever stored procedure tricks and so on – and all of that is cheaper and easier for random-website-X than agonizing over which to pick, MySQL or PostgreSQL, and specialist tuning from expensive DBAs.

PostgreSQL is an open-source product and available without cost. Postgres, developed originally in the UC Berkeley Computer Science Department, pioneered many of the object-relational concepts now becoming available in some commercial databases.

It provides SQL92/SQL99 language support, transactions, referential integrity, stored procedures and type extensibility.

PostgreSQL is an open-source descendant of this original Berkeley code.

Postgres Pros:

  • Transactions

  • Foreign keys ( via refint )

  • Triggers

  • Subselects

  • Views ( mostly )

  • User-defined datatypes

  • User-defined functions in a variety of languages: sql, c, pl/pgsql, pl/tcl

  • Sequences

  • Proper date handling

PostgreSQL feels quite a bit like Oracle. There is no SHOW TABLES, it’s \dt (IIRC). To quit it’s not QUIT or EXIT, it’s \q.

PostgreSQL didn’t have built in replication until recently.

Postgres doesn’t support the ‘UPDATE a,b SET’ syntax. This would need to be translated into the following to work on Postgres (note that the column in SET is not table-qualified):

UPDATE a SET id = b.id FROM b WHERE a.f2 = b.f2;

Postgres does not provide a way to order columns inside the db.

Altering columns:

ALTER TABLE a ALTER COLUMN b TYPE integer;

ALTER TABLE a ALTER COLUMN b SET NOT NULL;

Postgres has no auto_increment option. Instead, use the type ‘serial’. For example:

CREATE TABLE a (
    b INTEGER PRIMARY KEY NOT NULL AUTO_INCREMENT
);

would become

CREATE TABLE a (
    b SERIAL PRIMARY KEY
);

Plain indexes cannot be added during table creation. Instead, you must issue a second query:

CREATE INDEX indexname ON tablename(columnname);

The syntax for defining constraints (such as UNIQUE or FOREIGN KEY) varies between the two databases.

For example, in your table definition if you had:

UNIQUE INDEX a1 (f1, f2)

this would be changed to:

CONSTRAINT a1 UNIQUE (f1, f2)

to be compatible with Postgres. Note that Postgres creates indices by default for UNIQUE and FOREIGN KEY constraints.

There are many data types that do not exist in Postgres that you may be used to using in MySQL.

These include: blob, tinyint, integer unsigned

http://www.postgresql.org/docs/9.0/static/

Source: Codewebber

Stored Procedures with CakePHP

I have always wondered how to use stored procedures with CakePHP, as I knew it would reduce the number of database hits and definitely make the application faster and more usable.

I searched on Google to see if any class was available. Everyone was talking about $this->query("call yourprocedure()"), and they were getting the results they wanted, so that is fine and we can get the desired result that way.

But in a case where the stored procedure has multiple select queries, $this->query() will give an error. Here is a very small class for CakePHP by which we can integrate our MySQL stored procedures with CakePHP.

For now the class is very abstract, and if needed we can modify it. The class handles stored procedures in two forms:

1) If our MySQL stored procedure has any select query, just like SELECT * FROM our_table, then it simply returns the result after calling the function like $this->Model->Procedure("YourProcedure", $input_parameter).

2) If our stored procedure deals with output parameters, then they are returned by calling another function: $this->Model->getOutData().

Example:

$this->Model->Procedure("YourProcedure", $input_parameter, $outputparameter);

$data = $this->Model->getOutData();

Class for calling MySQL stored procedures from CakePHP

For more detail please go through the step-by-step implementation given below:

 Paste the following code in AppModel.php

<?php
class AppModel extends Model
{
    var $outputParams = array();

    /**
     * Call a MySQL stored procedure and return every result set it produces.
     * $inputParameter holds the IN values in the order the procedure expects them;
     * $outputParameter holds the names of the OUT parameters (with or without a leading '@').
     */
    function Procedure($name, $inputParameter = array(), $outputParameter = array())
    {
        $this->outputParams = $outputParameter;

        if (class_exists('DATABASE_CONFIG')) {
            $this->config = new DATABASE_CONFIG();
        }

        if ($this->config->default['driver'] == 'mysql') {
            trigger_error('Oops, an error occurred. Please go to database.php in your config folder and set driver = <b>mysqli</b> to execute stored procedures. Currently it is set to mysql');
            exit;
        }

        $db =& ConnectionManager::getDataSource($this->useDbConfig);

        // Build the argument list: escaped and quoted input values first ...
        $parameter = '';
        foreach ($inputParameter as $params) {
            $params = mysqli_real_escape_string($db->connection, $params);
            $parameter .= $parameter == '' ? " '$params' " : " , '$params' ";
        }

        // ... then one MySQL user variable (@name) per output parameter
        foreach ($outputParameter as $prm) {
            $prm = ltrim($prm, '@');
            $parameter .= $parameter == '' ? " @$prm " : " , @$prm ";
        }

        $procedure = ' CALL `' . str_replace('`', '``', $name) . "`($parameter) ";

        mysqli_multi_query($db->connection, $procedure) or die(mysqli_error($db->connection));

        $final_data = array();
        do {
            /* store each result set the procedure returns */
            $mid_data = array();
            if ($result = mysqli_store_result($db->connection)) {
                while ($row = mysqli_fetch_array($result)) {
                    $mid_data[] = $row;
                }
                mysqli_free_result($result);
            }
            $final_data[] = $mid_data;
        } while (mysqli_next_result($db->connection));

        return $final_data;
    }

    /* Read back the OUT parameters of the last Procedure() call with SELECT @name, ... */
    function getOutData()
    {
        $outputParameter = $this->outputParams;

        if (count($outputParameter) > 0) {
            $parameter = '';
            foreach ($outputParameter as $prm) {
                $prm = ltrim($prm, '@');
                $parameter .= $parameter == '' ? " @$prm " : " , @$prm ";
            }
            $SQL = " SELECT $parameter ";
            $data = $this->query($SQL);
            return $data;
        } else {
            trigger_error('OOPS!!! no output parameters to select here');
        }
    }

    function paginateCount($conditions = null, $recursive = 0, $extra = array())
    {
        $parameters = compact('conditions');
        $this->recursive = $recursive;
        $count = $this->find('count', array_merge($parameters, $extra));
        if (isset($extra['group'])) {
            $count = $this->getAffectedRows();
        }
        return $count;
    }
}

Now make sure that every model of yours extends (inherits from) the AppModel class. This is very basic, but if a model does not inherit from it, please fix that before using these functions.

Now, in your model or controller, you can use the Procedure function to execute the stored procedure. Following is the way to execute a stored procedure from CakePHP.

If you are using from controller then you can use following way:

<?php
// Define the input parameters in an array, in the same order in which your procedure requires them
$input_parameter = array("username", "search_keyword", 5, 3);

// Output parameters of the stored procedure, named as they are defined in your MySQL procedure
$output = array("@search_result", "@location");

$sel_data = $this->Model->Procedure("GetUserDetailProcedure", $input_parameter, $output);

print_r($sel_data);
// it returns data if there is any select query in the stored procedure

$data_of_output_parameter = $this->Model->getOutData();
// to get the data of the output parameters; if your MySQL stored procedure has no output parameters there is no need to call this function.

 Source: Codewebber

CodeWebber Engagement Models

CodeWebber offers flexible engagement models to suit the needs of its varied customer base. The engagement model is chosen based on project duration, complexity and the management level expected by the customer. This article outlines the quick questions that come to a customer’s mind while choosing the right engagement model. We also look at some example scenarios and give specific advice so that you can derive the best value out of CodeWebber.

Our engagement model is purposely designed to meet all of your unique needs and still maintain top-notch quality. There are no pitfalls because there is a team of dedicated individuals who work for you. The engagement models we employ are-

Team Augmentation

Accelerated delivery of critical projects is made easy with our team augmentation strategy, from helping you to select the best developers available to supplying a skill set that does not currently exist in your team. We do it all!

Resource Based Billing

The pricing also varies with involvement levels-

Dedicated team

A Dedicated team is an extension of the client’s own development center. Through such dedicated team billing model, we offer the best skill sets, resources and flexibility to the clients. The client can engage a dedicated CodeWebber team for a period of time. Monthly billing can be changed according to the number of resources dedicated every month.

Hybrid model

Under our hybrid engagement model, CodeWebber combines elements of our other models to optimize costs and maximize efficiency. This is based on the stage of development or the nature of work involved. The hybrid model allows for scalability and has enormous operational benefits.

Milestone Billing

This option works for clients who are concerned about progress in remote projects. Milestone-based payment model helps in progress monitoring. It is followed invariably for all projects more than a couple of months in duration, to minimize risks and improve cash-flow.

Hourly billing

Hour-based billing is typically for smaller projects that require a resource for less than a month (160 hrs/mo). This model is especially useful when the client wants more control during the development phase.

Turnkey Application Development

Through our turnkey application development methodology, the application is immediately ready to use upon implementation. This is achieved by our team with significant contribution from the client in each phase of the development cycle.

Source: CodeWebber

The importance of Web development

Nowadays, no company can think about making it big without its own website to reach a global client base. While bigger businesses and MNCs can afford their own web development team to meet their internet marketing requirements, small businesses cannot. In such companies the work associated with web development is taken care of by webmasters or graphic designers, and the majority outsource their requirements for such services on a contractual arrangement. You will discover a lot of web development companies and qualified professionals who have been in web application development, software development and website development for several years. Such companies enjoy an outstanding status as reliable service providers. One has to work with dependable web development agencies to produce the right type of website to publicize a business. CodeWebber for your website requirements!

Right from the development of the World Wide Web by Tim Berners-Lee in the 1990s, the entire world has been reduced to a marketplace in which all nations, regardless of size and spectrum of operation, are participants in the internet marketing discipline. With the surge in the number of web development firms, this sector now produces revenues in billions of dollars. Owing to the most recent technical advancements in IT, web development is now an ever more active and demanding market. Professionals in crucial areas such as web application development, software development or website development have the option either to work as freelancers or to be employed by reputable companies to earn substantial incomes.

In the future, the range of web development services will certainly spread to new horizons with a customer-oriented strategy and cut-throat levels of competition. Round-the-clock customer care support, outsourcing, online banking, bill payment, and online sales and purchases are the result of customer needs and comfort. Financial transactions are performed within minutes, be it payment, receipt or transfer to and from any region across the world. Automation and swiftness are paramount to the triumph of web development in promoting internet business. Customers are able to log onto a website, browse through a variety of stores, products and solutions within an hour or so, and get a lot more value for the money spent.

The lowered price of web hosting and web development has opened up business opportunities for everyone, i.e. it no longer remains the privilege of large businesses. Anybody can find web development sites which provide free platforms, web development resources and other systems to novice as well as skilled clients.

Source: Colorcuboid

Estimating for a Requirement

Boon of our existence or is it a Bane? Don’t know which but an integral part of our lives. Software Project Estimation. A few tips.

1. Read the requirement
Read the specifications you have been given. Are you done? Read them again.
Multiple reads of the input is the simplest and most often overlooked step. Every reading gives you something new and new ideas.

2. Don’t be a yes man
The estimate needs to be a comprehensive one. If the inputs given are insufficient or the timelines are insufficient, put your foot down! An incomplete or shoddy job is going to please no one.

3. Don’t reinvent the wheel
Completing an implementation from scratch often takes time and money, something no customer of yours has in surplus. Or if they did, I am sure they wouldn’t want to share it with you. Can the specs be met with an off-the-shelf solution and minimal customization? Present that first. If not, would a combination of different solutions work? Check your repository. Are there components you have designed in the past that can satisfy this need?

4. Not my cup of tea
Every cup of tea is not made keeping you in mind.
Be honest! If you’re not the right person for this job, admit it. There are plenty of other jobs out there waiting for you, much better suited to your skill sets and expertise.

5. Break it down into the smallest blocks
Every activity has many sub-activities associated with it. Breaking it down has major advantages.
One, you are able to clearly visualize each of the tasks and identify the time taken for each. The accuracy is much better this way.
Two, breaking it down presents each of the sub-activities to the customer so they can let you know if they have something different in mind.

6. The devil is in the details
Document the effort for every conceivable task.
Have you covered each deployment cost, associated documents, acceptable performance, operating system, hardware?
This way there is no ambiguity on what is covered and what is not.

Source: CodeWebber

Why the Latest PHP 5.5 is Impressive on Ecommerce Stores?

The LAMP (Linux/Apache/MySQL/PHP) platform is a successful alternative to commercial software for building and operating dynamic, high-performance web systems. PHP has become one of the major players in the web development market in the last few years. For all Linux hosting packages, PHP 5.5 has recently become the standard version.

The upgraded PHP version 5.5 comes with lots of changes and value additions. Most of the changes are beneficial for e-commerce stores running on PHP.

Here’s a brief description of what PHP version 5.5 has to offer your e-commerce store.

1. Addition of keywords

In PHP version 5.5, the provided refinery keyword facility allows a developer to define block code and cache blocks for better keyword search. It improves the results of searches based on keywords, and keyword search is very helpful in e-commerce online stores.

2. Availability of Generators

The availability of generators provides a way of iterating through data, because of which the function keyword will give more appropriate results. In e-commerce online stores it is important to get appropriate results for a particular keyword search, and the availability of generators in PHP version 5.5 provides this facility.

3. Class name resolution update

Updated class name resolution in PHP version 5.5 provides easy and fast filtering through class names, with more options for class name resolution and filtering than in earlier versions. For e-commerce online stores, better class name filtering gives better results.

4. Empty functions acceptability

Empty functions are used to determine false or equal-to-false values. Sometimes these empty functions do not work properly and take the search result back to its original place. In PHP version 5.5 the acceptability of the empty function is improved, so it does not take the search result back to the initial position, and false value recognition is improved. This helps e-commerce online stores keep the product selling process uninterrupted after false entries, and so gain more customers.

5. Security

Apart from the core technical impact, the main impact of PHP version 5.5 is on security. This version makes e-commerce online stores more secure. For example, as Microsoft has decided to cut off support for Windows XP and other older versions, it is easy to crack systems still running them. But that will not be an issue for PHP-based systems, as PHP 5.5 does not run on Windows XP or older versions. So the firewall provided by Windows and the security system of PHP will keep your e-commerce store intact.

For more information, refer to php.net.

At CodeWebber, we offer comprehensive e-commerce development services to various SMEs and large scale businesses across the globe which help them offer their products and services vividly on the internet and outshine in the digital marketplace.

Source: CodeWebber

Learn About MySQL Stored Procedures

MySQL 5 introduced stored procedure functionality. If you have already worked with another DBMS (Database Management System) or with MySQL, you might be familiar with the concept of a stored procedure. We will learn about it in more detail here.

What is a MySQL stored procedure?

A stored procedure is a set of SQL code stored on a database server which can be invoked by a program, a trigger or another stored procedure.

A stored procedure is a way to execute tasks and business logic directly on your database server. Generic tasks which depend on database table data can be performed there.

So rather than going to the database multiple times to fetch data into your program and perform your business logic there, a stored procedure gives you a generic way of coding your business logic and either returning data or saving the processed data into your database.

Let us take an example

A loan officer wants to change the floating interest levied for a customer’s loan account.

What is your normal course of action (using your program)? From the database you fetch the capital, rate of interest and duration, and calculate the interest. Then you go back to the database and save the data. In this case we enter the database twice. But if we use a stored procedure, we just need to write this operation within the stored procedure and call it from the program once. The procedure fetches capital, rate of interest and duration from the database and saves the data after processing. We interrupt the database server only one time. Thanks to the stored procedure, conservation of server resources: check!

Advantages of Mysql Stored Procedure:

Multiple applications running in different environments sharing a database.

Business logic which is independent of programming language.

When security is a main concern, the use of stored procedures is vital. By doing your operations through the database you can log all performed actions.

Stored procedures do not give direct table access, which is one more way to secure data and transactions.

Stored procedures increase the performance of your application. When a stored procedure is created and compiled, it never goes through the parser again; the records are fetched and the logic executed directly. A normal SQL query fired at the database server gets parsed every time, so using a stored procedure saves parsing time.

If your application is big or your database server is on a remote system, using stored procedures can decrease traffic between your database server and application server.

Since the stored procedure is written on your database server and the application only calls it, the degree of reusability increases: without going into much detail, you can call the stored procedure to perform your action.

Disadvantages of using stored procedure :

Following are the situations in which we should avoid using MySQL stored procedures.

Sometimes the use of stored procedures is a bit risky. Stored procedures follow a “define once, use many times” philosophy. A change in a stored procedure directly affects your data, so it should always be done very carefully. A stored procedure is a set of SQL commands that form a piece of logic, which makes it very hard to debug.

Managing stored procedures is a little difficult because they have no object-oriented paradigm.

Since stored procedures have their own advantages and disadvantages, before choosing to use them we should be very careful and decide whether a stored procedure is appropriate or not.

Example

As we discussed earlier, MySQL stored procedures are simple SQL statements like a normal query, but the difference is that a normal query is never saved, whereas a stored procedure is saved in your RDBMS and runs from there when you call it.

Let us create a simple stored procedure which selects one string.

mysql> CREATE PROCEDURE helloworld() SELECT 'hello test';

Query OK, 0 rows affected (0.00 sec)

To call this procedure you need to run the following MySQL query:

mysql> CALL helloworld();

This query runs SELECT 'hello test'.

This is simple.

Let us experiment with something more complex.

A MySQL stored procedure never returns a value directly. Either you need to specify an output parameter in your stored procedure, or you have to put a SELECT statement inside the procedure, which fills the data into your result resource.

Writing a MySQL procedure involves 3 steps:

  1. Definition of the procedure: the CREATE PROCEDURE syntax with the name.
  2. Definition of the parameters: there are three types of parameter you can define, ‘in’, ‘out’ and ‘inout’.
     Using an ‘in’ parameter you can define inputs of the stored procedure;
     an ‘out’ parameter specifies an output parameter;
     ‘inout’ defines a shared parameter, which can be used both as an input parameter and as an output parameter.
  3. Body of the procedure: normally written between the BEGIN and END tags.

Let us create a simple stored procedure:

DELIMITER $$

CREATE PROCEDURE `test`(IN capital DOUBLE, IN rate INT, IN duration INT, OUT interest DOUBLE)
BEGIN
    SET interest = (capital * rate * duration) / 100;
    INSERT INTO `administrators`(`interest`) VALUES (interest);
END$$

DELIMITER ;

The procedure, called test, takes capital, rate and duration as inputs, calculates the interest, returns it in the output variable and also inserts it into the database.

Let us run this procedure.

mysql> CALL test(100, 7, 3, @primary_interest);

mysql> SELECT @primary_interest;

Now @primary_interest gives you the interest calculated by the stored procedure.

You can also use input parameters in queries written within the stored procedure.

For example:

DELIMITER $$

CREATE PROCEDURE `restaurant`.`another_test`(IN restaurant_name VARCHAR(255))
BEGIN
    SELECT * FROM `restaurants` WHERE `restaurants`.`name` = restaurant_name;
END$$

DELIMITER ;

As we discussed earlier, in MySQL you can put all your database-based business operations into stored procedures. Writing a MySQL stored procedure is very similar to writing a program in any high-level language. All you have to learn is variable declaration, conditional operators and MySQL cursors to write a MySQL stored procedure program.

Variable declaration and operations on variables in a stored procedure:

Like other languages, in a MySQL stored procedure you can declare variables too. You should declare the variables at the beginning of the code, which means right after the BEGIN tag.

You can declare a variable in MySQL programming like this:

DECLARE i INT(3);

DECLARE j INT(9) DEFAULT 6;

In MySQL we use the DECLARE tag to declare a variable. You have to specify the datatype of the variable in order to declare it. I recommend specifying the size of the variable where it is required, like INT(4); for some types, such as VARCHAR, you cannot declare the variable without a size.

The scope of a variable in MySQL is limited to the END tag. If you have declared the variable in a stored procedure, then after the END tag the variable is lost. You can initialize the variable after declaration like this:

DECLARE i INT(3);

SET i = 10;

In MySQL you can also take a value into a variable from a query with the help of the INTO keyword (the query must return exactly one row). Example:

DECLARE student_name VARCHAR(23);

SELECT student_table.name INTO student_name FROM student_table LIMIT 1;

Conditional statements in MySQL programming:

Conditional statements give you the power to execute code on the basis of a value. Similar to any high-level programming language, you can add conditional statements to a MySQL stored procedure.

Example:

DECLARE count_student INT(5) DEFAULT 0;

SELECT COUNT(*) INTO count_student FROM student_table;

IF count_student > 5 THEN
    SELECT * FROM student_table;
ELSE
    SELECT 'Very few students';
END IF;

For every IF statement in MySQL you have to specify a matching END IF. In MySQL you can also use ELSEIF to chain further conditions. You can also use a switch-case style conditional statement in MySQL, though the style of writing it is a little different.

Example:

CASE
    WHEN i > 2 THEN
        SELECT 'it is two';
    WHEN i < 2 THEN
        SELECT 'it is less than 2';
    ELSE
        SELECT 'no eyse';
END CASE;

Every CASE is closed with END CASE. Like any program, we have a default branch, named ELSE.

Iteration control (loop control) in MySQL: in MySQL you can use loops as you do in your programming language. Here you can implement loops using the WHILE, REPEAT and LOOP tags.

Source: CodeWebber

Poodle – SSL Security Threat Explored

Poodle is a breed of dog with legs that resemble cotton candy. It is intelligent and a regular staple at dog shows. Even the friendliest dogs have the propensity to bite. Now we see all kinds of security alerts and snafus like Heartbleed and Shellshock! The latest addition is POODLE.

This is all started when a team in google developed and tested an attack named  POODLE (Padding Oracle On Downgraded Legacy Encryption) which uncovered vulnerability in  Secure Sockets Layer (SSL) version 3 protocol or in short SSLv3.

SSLv3 is an obsolete but still used encryption in both older and new web browsers. (SSLv3 is a 18-year-old protocol which was replaced by the TLS protocol)

POODLE tries to force the connection between your web browser and the server to downgrade to SSLv3. The attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0, and then uses this vulnerability to decrypt selected content within the SSL session. The decryption is done byte by byte and generates a large number of connections between the client and the server.

How do they do it?

An attacker can run a JavaScript agent on a website to get the victim’s browser to send cookies with HTTPS requests to https://xyz.com, then intercept and modify the SSL records sent by the browser in such a way that there is a non-negligible chance that xyz.com will accept the modified record. If the modified record is accepted, the attacker can decrypt one byte of the cookies. Cookies

TLS 1.0 and newer versions perform more robust validation of the decrypted data and as such are not susceptible to the same problem. But for SSLv3 there’s no fix.

How bad is this and how does this affect you?

Although secure connections primarily use TLS (the successor to SSL), most users are vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session. Most SSL/TLS implementations remain backwards compatible with SSL 3.0 in order to interoperate with legacy systems and keep the user experience smooth. An attacker performing a man-in-the-middle attack could trigger a protocol downgrade to SSLv3 and exploit this vulnerability to decrypt a subset of the encrypted communication and extract information from it.

The POODLE vulnerability only works if both the client’s browser and the server support SSLv3.

How do I test whether my browser is vulnerable?

Go to the poodletest.com website to test this. If you see a poodle, you are vulnerable. If you see a Springfield Terrier, you are safe. To test a server, the following tools can be used:

http://www.bolet.org/TestSSLServer/

http://code.google.com/p/sslaudit/

What can I do to prevent this? Poodle vaccine?

As an end user, disable SSLv3 support in your web browser. If it is disabled, POODLE cannot downgrade your browser to it. To encourage security best practices I would strongly recommend using the highest version of TLS available; for most browsers this is TLS 1.2.

Will this affect my browsing experience?

This will have an impact on some older browsers. Websites that have already ended support for SSLv3 will become incompatible with older browsers and operating systems. Old browsers like Internet Explorer 6 running on Windows XP or older will see an SSL connection error.

SSL v3 will be disabled by default in future releases of many web browsers.

How to disable this at the server?

CloudFlare announced that it was disabling SSLv3 by default on its servers, as did many other service providers.

If you are running Apache, just make this change in your configuration among the other SSL directives:

SSLProtocol All -SSLv2 -SSLv3

This disables SSL protocol versions 2 and 3.
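A small audit script that checks whether a configuration like the one above still leaves SSLv3 negotiable. This is an added example, not part of the original post: it models the mod_ssl SSLProtocol directive semantics of that era (an assumption: bare names and "+name" add a version, "-name" removes one, and "all" expands to every version including SSLv2 and SSLv3), and the configuration snippets it scans are constructed.

```python
"""Audit Apache mod_ssl 'SSLProtocol' directives for leftover SSLv2/SSLv3.

Assumed directive semantics (2.2/2.4-era mod_ssl): a bare protocol name or
'+name' adds that version, '-name' removes it, and 'all' expands to every
version the build knows, SSLv2 and SSLv3 included. The last directive in the
scanned text wins. Not the original post's code; sample config is constructed.
"""
import re

KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"SSLv2", "SSLv3"}  # versions the post says to disable

def parse_sslprotocol(args):
    """Return the set of protocol versions enabled by one directive's arguments."""
    canon = {k.lower(): k for k in KNOWN}  # Apache matches names case-insensitively
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        versions = set(KNOWN) if name == "all" else {canon[name]} if name in canon else set()
        if not versions:
            raise ValueError("unknown protocol token %r" % tok)
        if sign == "-":
            enabled -= versions
        else:
            enabled |= versions
    return enabled

def audit_config(text):
    """Scan config text; returns (enabled_versions, legacy_versions_still_enabled).
    With no SSLProtocol directive at all, the assumed compiled-in default is 'all'."""
    enabled = set(KNOWN)
    for raw in text.splitlines():
        m = re.match(r"SSLProtocol\s+(.+?)\s*(?:#.*)?$", raw.strip(), re.I)
        if m:
            enabled = parse_sslprotocol(m.group(1))
    return enabled, enabled & LEGACY

# Constructed sample: a vhost that never tightened the legacy default ...
WEAK_CONF = """
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all          # SSLv2 and SSLv3 remain negotiable
</VirtualHost>
"""
# ... and the same vhost with the directive the post recommends.
FIXED_CONF = WEAK_CONF.replace("SSLProtocol all", "SSLProtocol All -SSLv2 -SSLv3")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        enabled, bad = audit_config(conf)
        print(label, sorted(enabled), "SSLv3 still enabled" if "SSLv3" in bad else "ok")
```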

How can developers prevent this?

.NET

Use the SecurityProtocol property to enable TLS.

For details on how to use the SecurityProtocol property, visit:

http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.securityprotocol(v=vs.110).as…

http://msdn.microsoft.com/en-us/library/system.net.securityprotocoltype(v=vs.110).aspx

As an example, to force TLS 1.2 in a C# .NET implementation, you’d use:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

JAVA

NOTE: TLS 1.2 was first supported in JDK 7, and will be default in JDK 8: https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls

Use the SSLContext.getInstance method to enable TLS.

For details on how to use the SSLContext.getInstance method, visit:

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance(java.lang.String)

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance(java.lang.String,…

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

For example, to use the default security provider to enable TLS, you’d use:

SSLContext context = SSLContext.getInstance("TLS");

To force TLS 1.2 while using Sun’s Java Secure Socket Extension (JSSE), you’d use:

SSLContext context = SSLContext.getInstance("TLSv1.2", "SunJSSE");

cURL

Use the CURLOPT_SSLVERSION option to enable TLS.

For details on how to use the CURLOPT_SSLVERSION option, visit:

http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html

As an example, to force cURL to use TLS 1.0 or later, you’d use:

C/C++/C#:

curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

PHP:

curl_setopt($curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

In cURL 7.34.0 or later, to force TLS 1.2, you’d use:

C/C++/C#:

curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

PHP:

curl_setopt($curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

The CodeWebber team geared up in full defence mode to plug all the holes left open by this vulnerability. We applied the necessary patches to our applications to disable insecure SSL/TLS options.

Source: CodeWebber

Responsive Website or an App – Which One to Choose?

Choosing between a mobile app and a responsive website can be tough. There are many things a responsive website can do that a mobile app cannot, and vice versa.

Many factors need to be taken into consideration before choosing the platform your dream project will run on. Here is a walk-through of the things to keep in mind before making the decision:

1) Do you need to use native smartphone and tablet functions?

This is the first question to ask, as well as the most important. If your project requires access to resources such as the camera, compass, accelerometer, etc., then you have to opt for a mobile application, since these features are not accessible from a normal website. If, on the contrary, you do not need access to this type of feature, then you might consider creating a responsive website.

2) Do you need to create a complex interface?

If you need an application with a fairly complex interface, then you should opt for a mobile application.

As you already know, a responsive website has to adapt to all possible resolutions and screen types, so when you create such a site you are inevitably forced to find compromises and solutions that work “fairly” well across all types of browsers and devices.


If, on the contrary, you develop a mobile application, you can focus your resources on optimizing for only one type of device (two, if we consider the tablet a device quite different from the smartphone).

3) Do you have a limited budget and a tight schedule?

As mentioned earlier, budget is one of the main points in deciding which approach to follow for the project. Usually (though not in every case), creating a website design is much less expensive than creating an application, especially in terms of time: for a web designer it is much easier and faster to publish a responsive project than a mobile app.

It follows that you should choose the responsive website path whenever you have very short delivery times.

4) Do you need a payment gateway?

If you need the user to make purchases (as might be the case for an e-commerce website), then the best solution would be to opt for a website.

In fact, providing a good user experience during a purchase is much more difficult in a mobile app, and if done incorrectly you risk losing a large slice of the profit.

5) Is SEO an important factor for your project?

If visibility must be part of your project, and is to be the main source of traffic, then choose to build a responsive website.

Even if you could enjoy the visibility of millions and millions of users, with a mobile app you cannot take advantage of the most common SEO, web marketing and content-indexing techniques.

6) Do you need to update the project?

If you can predict that your project will need many updates, then in this case too you should choose a responsive website, which you can modify directly whenever you want, easily making changes and improvements.

Conclusion

As you can see, there are many cases in which you should choose a responsive solution rather than building a mobile app. Perhaps this is why many applications become “zombie apps” soon after their publication in the various stores, offering nothing more than a normal responsive website would.

Source : CodeWebber