PageBox for PHP is a version of PageBox written in PHP.

For more information about PageBox concept you can read:

The Presentation document

The Rationale document

The FAQ

Through PageBox for PHP implements the same concept as Java PageBox,

• It cannot provide the same fine grained security as Java PageBox because PHP doesn’t implement sandboxes

• It is simpler to install and use

PageBox for PHP is the prototype of a new design that we also implemented in .NET

If you don’t yet know PHP, you can read:

• Zend’s tutorials

• Denis Beurive’s notes about PHP

PHP is the most used server page technology as you can see on Security Space statistics.

PHP is a server plug-in. It needs a server that can be:

• Apache (the most commonly used) that you can download on Apache site. Apache is free and Open Source.

• iPlanet. You can download an evaluation copy on iPlanet site.

• Microsoft IIS

• BadBlue, a single threaded Web server that you can download here. BadBlue is free and small. The current package has a size of 234KB. You can install it on the oldest workstations

• Many others listed in PHP documentation

You can download PHP 4 from Zend site.

PageBox for PHP has been tested with PHP 4.0.6, PHP 4.2, Apache 1.3.22 and BadBlue 1.6 beta.

A PageBox host is not necessarily an ASP. On Internet it can be any host with a static IP address. On Intranet it can be any server.

The Application Server can be any Web Server configured with the PHP module.

The presentation can be in any format supported by the PageBox host, for instance:

• IIS ASP

• CGI

• Java Web archive or any combination of servlets and JSP

• PHP

A PageBox repository is essentially a well-known point where:

• PageBoxes subscribe to get published presentations

• Presentation providers publish their presentations

PageBox repository is implemented as a set of PHP pages.

The Presentation provider publishes presentations on repositories.

PageBox for PHP 0.0.4 and above has a Web service API allowing distributed applications to find their peers installed from the same repository. This API uses SOAP.

Distributed applications can then call Web services (here Location) on its peer instances. Typically these Web services answer questions: Where? What? Is the good available? Which price? Which data do you own?

See the Installation guide to download and install PageBox for PHP.

See the Customization guide for more information about the implementation and configuration files.

See the Security guide for Apache configuration.

We recommend in the Security guide to use HTTPS, which means for instance to use mod_ssl with Apache. You get two things with HTTPS:

1. The publishers can check that they connect to your repository

2. The traffic (upload and deployment) is encrypted and checksumed

The first point can be a problem: publishers trust the repository as much as they trust the HTTPS server certificate. You can generate self-signed certificates with Open SSL but such certificates just say: "I certify that I'm myself." Otherwise you can buy a certificate to a Certificate Authority (CA). More you pay for your certificate more trustable the certificate is, because the CA checks more things. A low price certificate just says: "Someone with this mail address was charged for $xx on its credit card and didn’t complain later on."

It is frustrating to give something for free and then to say that for Internet usage, you should pay someone but the certification process implies recurring administrative cost and legal risk. Furthermore ASPs often provide HTTPS only with their more expensive subscriptions. It can change. Look for instance at

Super Cert Hosting: Secure SSL hosting with support for PHP, PERL, and more.

Contact:support@pagebox.net
©2001-2004 Alexis Grandemange. Last modified .