Blogs

PhillyDB - Introductory Database Course - Part 1

Submitted by Michael Reichner on Sun, 10/09/2011 - 22:19

This course will introduce core database concepts and provide instructions on using popular open source (and free) database systems to help new users sink their teeth into SQL.

Register at the PhillyDB meetup site.

PhillyDB - From Zero to Riak by Jeff Kirkell

Submitted by Michael Reichner on Sat, 09/10/2011 - 13:10

This presentation will cover one of the lesser known, but extremely powerful NoSQL solutions called Riak. Starting with high level insight into NoSQL as a whole, drilling down to what Riak is and the solutions it is best for, and finishing with a demonstration of its capabilities and usage via client language libraries.

Register at the PhillyDB meetup site.

PhillyDB - Social Meetup

Submitted by Michael Reichner on Fri, 08/05/2011 - 19:17

Beer and database talk. Come on out and meet the PhillyDB folks!

Thursday, August 25, 2011 at Nodding Head Brewpub.

You can register at the PhillyDB meetup site.

Selectively Overriding CSRF Protection in CodeIgniter

Submitted by Michael Reichner on Tue, 06/07/2011 - 17:22

In response to my post AJAX with CSRF Protection in Codeigniter 2.0 (http://aymsystems.com/ajax-csrf-protection-codeigniter-20), a commenter named Equalizer wrote:

"This does not work for me. If you leave page open long enough for cookie to expire, the value is no longer retrievable, and the server does NOT set a new cookie like it would if the page were refreshed!"

The author is correct, but the issue isn't with my AJAX fix. Rather, that problem is inherent to the way CSRF protection is implemented in CodeIgniter.

GroupsFinder Launched

Submitted by Michael Reichner on Tue, 05/24/2011 - 11:16

The idea for GroupsFinder came about as we got more and more involved in Philly tech groups.

It seemed that every month or so we would learn about a new group or two. At first we took this as a sign of a thriving community (and it is indeed a thriving community). But we quickly realized that these weren't always new groups - they were often just new to us.

Groups have many options for forming and hosting an online presence:

  • Independent, custom-built sites
  • Mothership sites - local groups for a specific product or organization
  • Group hosting sites - Meetup.com, Google Groups, etc

But that diversity makes it more difficult to find the groups (and for them to get found).

As we thought more about this, we became frustrated that there wasn't a single place where we could find all of the groups near us (or anywhere we were planning to be).

GroupsFinder is that place.

Mongo Philly

Submitted by Michael Reichner on Thu, 04/21/2011 - 19:36

PhillyDB members can get a 20% discount. Use discount code SD20.

I'll be there, and I hope to see some of you!

Mongo Philly

http://www.10gen.com/conferences/mongophilly2011

ABOUT

Mongo Philly is a one-day conference dedicated to the open source, non-relational database MongoDB. The conference will feature sessions on schema design, indexing, administration, replication, sharding, and more. The event is sponsored by 10gen, the company that develops and supports the database.

DATE

Tuesday April 26, 2011
9:00am - 6pm

LOCATION

Sheraton Society Hill
One Dock Street (2nd and Walnut Streets)
Philadelphia, Pennsylvania 19106

REGISTRATION

$100 general admission
$30 students

PhillyDB - A CouchDB Doubleheader

Submitted by Michael Reichner on Wed, 03/23/2011 - 16:42

PhillyDB is excited to announce "A CouchDB Doubleheader" on Tuesday, March 29, 2011!

Apache CouchDB is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript. CouchDB is also distributed, featuring robust, incremental replication.

This event features:

- Angel Pizarro from UPENN presenting an Intro to CouchDB - targeted to those new to NoSQL
- Mark Headd of Voxeo Labs discussing some of the more unique and interesting features of CouchDB, including geographic queries, the real-time changes API, and several other novel features.

This event will be held at the Buchanan Ingersoll & Rooney offices in Two Liberty Place. Doors and networking at 6:00, meeting begins at 6:30.

Register at the PhillyDB meetup site.

PhillyDB - SimpleDB

Submitted by Michael Reichner on Wed, 02/09/2011 - 17:30

Join us for PhillyDB's first meetup, February 15, 2011 at 6:00 PM!

Our core presentation will feature Sean M. Collins from Core IT Pro on understanding and using Amazon's SimpleDB service. Amazon SimpleDB is a highly available, scalable, and flexible non-relational data store that offloads the work of database administration.

More info at the PhillyDB meetup page.

AJAX with CSRF Protection in Codeigniter 2.0

Submitted by Michael Reichner on Mon, 12/20/2010 - 02:19

Update: With the official CI 2.0 (Reactor) release, the names of the CSRF token cookie, and the hidden form input element, have been changed from ci_csrf_token to csrf_token_name. This post has been updated to reflect that change.

Codeigniter 2.0 adds an important security feature to prevent CSRF (Cross Site Request Forgery) attacks. Even better, the feature is automatically added to your forms, assuming that

  1. you've enabled it in config.php, and
  2. you're using the form_open() function from the Form Helper

Bastian Heist wrote a great post about CSRF, and Codeigniter's handling of it, a couple of weeks ago. I'll provide a very brief overview of the handling here, but I encourage you to go read Bastian's post.

The CSRF detection and protection occurs behind the scenes, in the course of normal form processing. An input type=hidden element is automatically added to the form by the form_open() function. When the form is submitted, the Security class looks for this element and attempts to match its value against a cookie bearing the same name. If they don't match, the form will be rejected.

Since this happens behind the scenes, your normal form processing will not require any remediation when you upgrade from CI 1.7.x to CI 2.0.

Note that I said "normal form processing". I came upon this knowledge when I converted a dev site from 1.7.2 to 2.0, only to find that all of my AJAX functions were returning 500 Internal Server Errors.

I hadn't a clue at the time what was causing this, and initially assumed that it was an issue with my hosting provider. Since it was a dev site, and I was entertaining a colleague, I ignored the issue until he left.
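The cookie-versus-field check described above is why an AJAX POST that omits the token is rejected. The following is an added example, not code from this post or from CodeIgniter: it models that check and shows a client helper that copies the cookie value into the request body, including the expired-cookie case. The function names and sample values are assumptions; the token name csrf_token_name is the one given in the update note.

```javascript
const TOKEN_NAME = 'csrf_token_name'; // cookie and field name, per the post
// Constructed sample Cookie string (values are made up for illustration).
const SAMPLE_COOKIES = 'ci_session=abc123; csrf_token_name=9f2c4e1ab7d0';

// Return one cookie's raw value from a document.cookie / Cookie header string.
// Assumes the token is plain hex, so no URL-decoding is applied.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx !== -1 && part.slice(0, idx).trim() === name) {
      return part.slice(idx + 1).trim();
    }
  }
  return null;
}

// Client side: add the cookie's token to the AJAX POST fields.
// Returns null when the cookie is gone (for example, expired), so the caller
// can reload the page rather than send a request that will be rejected.
function buildAjaxBody(fields, cookieString) {
  const token = readCookie(cookieString, TOKEN_NAME);
  if (token === null) return null;
  const body = new URLSearchParams(fields);
  body.set(TOKEN_NAME, token);
  return body.toString();
}

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side, as a model of the described check (not CodeIgniter's source):
// the submitted field must be present and equal to the same-named cookie.
function csrfCheck(bodyString, cookieHeader) {
  const submitted = new URLSearchParams(bodyString).get(TOKEN_NAME);
  const cookie = readCookie(cookieHeader, TOKEN_NAME);
  if (!submitted || !cookie) return false;
  return constantTimeEqual(submitted, cookie);
}
```

In a browser, `buildAjaxBody(fields, document.cookie)` supplies the body for the POST; a `null` result is the signal to refresh the page so the server can issue a new cookie.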
