WSDL is…

• WSDL is written in XML
• WSDL is an XML document
• WSDL is communication gateway between web service provider and consumer.
• WSDL is used to describe Web services
• WSDL is also used to locate Web services
• WSDL is a W3C recommendation

Elements of WSDL file :-

Following elements are important to any WSDL File

• Message – An abstract, typed definition of the data being communicated.

• Operation – An abstract description of an action supported by the service. Basically it shows web service operation name and input output message

• Port Type – It describes a web service; operations that can be performed, and messages that are involved in WS.

• Binding – Communication protocol which is used by web service.

• Port – A single endpoint defined as a combination of a binding and a network address.

• Service – A collection of related endpoints. it will show which file/path is located for this WSDL file.

If you will merge all. File will be look like this

The store-owner observed and listened to the conversation:

The boy asked,” Lady, Can you give me the job of cutting your lawn?

The woman replied, “I already have someone to cut my lawn.”

Lady, I will cut your lawn for half the price of the person who cuts your lawn now.” replied boy.

The woman responded that she was very satisfied with the person who was presently cutting her lawn.

The little boy found more perseverance and offered,” Lady, I’ll even sweep your curb and your sidewalk, so on Sunday you will have the prettiest lawn in all of North Palm beach, Florida.”

Again the woman answered in the negative. With a smile on his face, the little boy replaced the receiver.

The store-owner, who was listening to all, this, walked over to the boy and said,” Son… I like your attitude; I like that positive spirit and, would like to offer you a job.”

The little boy replied, “No thanks, I was just checking my performance with the job I already have. I am the one who is working for that lady, I was talking to!”

This story is not written by me. I got from one of my friend via email so I would like to share with my blog visitor.

Thanks for you time

• Avoid function tests in loop conditionals: - If you’re looping through an array, for example, count() it beforehand, store the value in a variable, and use that for your test. This way, you avoid needlessly firing the test function with every loop iteration.
• Favor built-in functions over custom functions: - Since PHP has to take the extra step of interpreting your custom functions, built-in functions have a performance advantage. More importantly, there are a lot of useful built-in functions that you may never learn about if you always default to writing your own.
• Use full file paths on include/require statements: - Normalizing a relative file path can be expensive; giving PHP the absolute path (or even “./file.inc”) avoids the extra step.
• JavaScript function at bottom: – Keep your all JavaScript code at bottom of php file. Put only required JavaScript code in middle or starting of page. Another it will take unnecessary time to download JavaScript code since JavaScript is client side language so it will run after downloading. 
• Pass unchanged variables to a function by reference rather than value: - This goes hand-in-hand with the point about needlessly copying variables. Much of the time, your functions only need to use the values from their parameters without changing them. In such cases, you can safely pass those parameters by reference (e.g., function(&$parameter) rather than function($parameter)) and avoid having to make memory-intensive copies.
• Ditch double quotes for single quotes: - There’s some disagreement, but the common wisdom is that PHP has to do extra processing on a string in double quotes to see if it contains any variables. Concatenation with single quotes is marginally faster.
• Caching: - Use page caching for static data. It will help to render pages quickly. Also it reduces unnecessary request for getting data from database.
• Use echo instead of print(): - As a language construct rather than a function, echo has a slight performance advantage over print().
• Debug with error_reporting(E_ALL) : - Every warning is a performance improvement waiting to happen, but only if you can see it. Cleaning up warnings and errors beforehand can also keep you from using @ error suppression, which is expensive. Turn off error reporting when you’re going to deliver that code.
• Use mod_gzip to Compress HTML: - It tells apache to compress the HTML that you send to the person browsing your website. HTML is very compressible, and this reduces your bandwidth costs, as well as massively speeds up the speed of your website, which will help no end.

The VERY FIRST LINE of your PHP code (i.e. in your header page if you use one), you should put the following line.

ob_start(‘ob_gzhandler’);

If you’re already using the object buffer (that’s what “ob_” stands for, by the way), then don’t have two calls to the ob_start() function, just add ‘ob_gzhndler’ as the first argument.

If you’re using apache, you’ll need to enable the mod_gzip module, and add “zlib.output_compression = On” to your php.ini. If you’re running a shared server, annoy your host until they do this.

• Avoid needlessly copying variables: - If the variable is quite large, this could result in a lot of extra processing and memory. Use the copy you already whenever possible, even if it doesn’t look good  (e.g., $_POST['variablename']).
• Never User star (*) in Query: - It is bad practice to use * in query. Select only required field from table. If all fields required then use *. It will take extra processing time and memory.

• SQL is faster: – You need to remember that SQL isn’t just a data store where you insert, select, update and delete data from. It’s actually a very powerful tool for processing data. If you’re ever looking to perform processing such as math, data comparison, join’s etc… PHP will always lose in a race against SQL and you should use this to your advantage.

 So when you select data from SQL think is this as close to my desired output as I can get it? If it’s not making a better SQL query, this will be faster and also cut down on the amount of PHP code required.

• Use require() instead of require_once(): - Also quite a simple one to understand but when you use something like “require_once” over the alternative “require” PHP has to work if the file has already been ‘required’ in the script. Needless to say there is more thinking and therefore more processing which will slow things down, so it might look good but think do you really need it?

It is just few points which help to speed up PHP, I will add more later. If you have any point which can help to speed up please, feel free to put in comment.

I put this list together based on my own experience, some search on web and other people’s views.

Beginner: Knows some of the items on the list
Intermediate: Knows most intermediate items and some advanced
Advanced: Knows almost everything on the list

No doubts many points are missing like documentation, project life cycle, versioning tools etc, if you feel any point should be added, please add freely.

Since these tags are still not recommended by W3C   

New tags in HTML5.

List of tag which is not supported by HTML 5.

For example, this type of attack can come from a link like this:

<a href=http://www.xyz.com/test.php?PHPSESSID=1234> Press here </a>

A user clicks on this link and goes to your site. The attacker waits for the user to login and this is the moment where he puts his hands on the valid session ID of the user.

Way of protection:-

A.  PHP comes with a really easy solution: the use of session_regenerate_id() function which will change the user session ID. Important is to use this function in critical moments like: after a user logs in, after a user change his password, etc.

B.  PHP does allow for a “referrer check”. Sessions will only be considered if the referrer contains the string defined using the “referer_check” configuration parameter. By default, this parameter is empty. This is a very powerful way to block many session fixation attacks.

C. Do not accept session identifiers from GET / POST variables

2. Session hijacking: – This is the most common type of session attack. This refers to any method that an attacker can use to access another user’s session. The first step for any attacker is to obtain a valid session identifier, and therefore the secrecy of the session identifier is paramount. With other words, this attack comes after a session fixation attack.

Way of protection:-

A) User agent verification is a very basic way of verifying the user’s identity. When you create the session ID, you could grab the HTTP_USER_AGENT variable. Then you could verify it on each new page view. Unfortunately, if the session has been hijacked, the malicious agent could have grabbed the user agent info and spoofed it. A better method would be to store the hash of the user agent string. Better yet would be to store the hash plus a seed and verify that.

B) IP address verification is very similar to user agent verification. In some cases it is more secure. You store the users’ IP when you first generate their session, and then on every page load you verify that IP address. There are two major drawbacks to this method. A lot of locations are behind a NAT proxy, so it is possible that the attacker and the user both have the same IP address. The other issue comes from large. This is a method that is not really used, because of its drawbacks.

C) Through this method can set up two points of verification. You create a token for the users utilizing a different method from the session ID. When they first log in, create a hash of that token and store it in their session. You can then verify it on every page load. You can also regenerate this token frequently, allowing only a very short window for the attacker to guess it.

3. Session injection: – This type of attack appears when you allow user input into session without validating it.

Way of protection:-
By filtering and validating the user input.

Use External Scripts

Use the same script on multiple pages? Switch to an external script. I’m not talking about remotely hosted, I mean loading javascript files from one source instead of adding all that code to each of your pages like this:

<script type=”text/javascript” src=”yourscript.js”></script>

That way the browser already has it in it’s cache and won’t have to read it each time another page loads. This one saves a ton of load time, specially for larger scripts!. Also user external js file after body so at least your content load quickly.

Use CSS for Faster Pages

Even if you decide to use tables, CSS can greatly improve your web sites load time! With your styles in an external .css file, the browser can cache all the formatting and stylizing for your pages instead of having to read each and every single tag all over again. Also it cuts down on long drawn out tags and replaces them with smaller class styles instead.

Avoid Nested Tables

OK, I’m not a big fan of using tables for layout anyway (I’m one of those people that believes content and presentation should be separate.. but that’s another tip page). With that said, if in your templates tables seem necessary (or the easier way to do it), try to avoid nesting. Why? When you place a table inside another table, it takes a lot longer for the browser to work out the spacing since it has to wait to read the entire html and then work out the layout. If at all possible, try using CSS to create the columns on your page.

Avoid Full Page Tables for Faster Rendering

If you use tables, try avoiding the whole page being one big table. The browser won’t show anything until it’s read the whole thing that way. For a faster loading webpage, either try multiple tables (not nested) or having stuff above the main table to make your content in the first table show up faster. That way your visitors will have something to read while the rest of your page loads. It may not really make you page faster, but it will feel like it to your visitors.

Split Up Long Pages – Multiple Short Pages Load Faster

By splitting up long pages into multiple pages you not only make the content show up faster but many people that see a very long scroll bar give up. Remember, people’s attention spans are often shorter than a grasshoppers (OK, not literally, but you get my point) since so much information is available at our fingertips. Try breaking it up into more readable lengths.

Keep Your Code Clean

If you do use a wysiwyg editor, most times the will add useless code to your pages for example, many will leave empty tags (ie. <font> </font>). Removing any of those excess tags will not only speed up your load time, but make you pages validate a lot cleaner.

Remove Excess “Whitespace”

Whitespace is the spaces between your coding, removing the unneeded tabs and spaces can help a lot! Doing this will take a lot of extra bytes off the total size of your page and will speed up load time quite a bit. (Careful using automatic squishers, I find they often squish too much and makes it rather hard to edit later.)

Speed up Images Load Time

Height And Width Tags

When the page loads and the image size is already defined (ie. you’ve used the height and width tags), the browser knows where everything will be before the images are loaded. Otherwise the page has to wait and load the images before the text. Same goes for tables, so try to use width tags when possible on those as well for a speedier page.

Don’t Go Overboard On Images

While images can greatly enhance the look of a site they can really slow it down if there are too many. Try to decide if all your images are really needed (quite a few nice effects can be done with css, so sometimes images are unneeded.)

Faster Images? Reduce Their File Size

There are many totally free, online image optimizers so you don’t even have to install anything and it’s extremely easy! some online image optimizer will greatly reduce the file size of your gif, jpg, or pngs and neither you or your visitors will be able to see the difference other than a page that loads a heck of a lot faster. They also keep the transparency and animations in gifs!

GIF vs JPG vs PNG

Personally on new sites I design I tend to go for optimized pngs. They have lossless compression (jpgs are lossy) and can be used without worry (gifs have the potential to have copyright issues) and load fast when optimized. Jpgs however are usually better for photos and sometimes highly detailed images. The best idea is really to try the image you want in different formats and compare file size to quality.

Here’s a bit of fast info… If you don’t need sharp resolution, choose PNGs or GIFs over JPEGs, as PNGs and GIFs generally load quicker. JPGs are generally best for photos, PNGs or GIFs for anything else.

Scrum

Coder kya jaane coding karna kya hota……Kya Hota…..
Testing karke uska kab bhala hota…Arey Na Hota…..!!
Koi naa jaane deployment ka kya hoga…..!!!

To mouse Ghuma…Wire Hila,
Log off karke bol…Bhaiya Aal Izz Well…….Arey Chachu Aal Izz
Well….Fooh..Fooh…Fooh

Confusion hi confusion hai
Code ka kuch bhi pata nahi
Code jo humko mila to sala
Requirement kya tha pata nahi

System jo mera baar baar hang hojaye
System pe rakh ke haath usey tu phusla le
System idiot hai pyaar se usko samjha le

To mouse Ghuma…Wire Hila,
Log off karke bol…Bhaiya Aal Izz Well…….Arey Chachu Aal Izz
Well….Fooh..Fooh…Fooh

Canteen ki pee gaya chai
Dimaag to phir bhi chala nahi
Coding karte raat ho gayi
Error to phir bhi dikha nahi

Developer kya jaane uski jaan ka kya hoga….kya hoga…..
Abend ayega ya saala escalate hoga…..dono hoga…..
Koi naa jaane deployment ka kya hoga…..!!!

To mouse Ghuma…Wire Hila,
Log off karke bol…Bhaiya Aal Izz Well…….Arey Chachu Aal Izz
Well….Fooh..Fooh…Fooh

1. Don’t use the admin account – The default user account that is created with every installation of WordPress is the admin account. Unfortunately the entire world knows this, including hackers, and can easily launch a dictionary attack on your website to try and guess your password. If a hacker already knows your username that’s half the battle. It’s highly recommended to delete or change the admin account username.

2. Move your wp-config.php file – Did you know since WordPress 2.6 you can move your wp-config.php file outside of your root WordPress directory? Most users don’t know this and the ones that do don’t do it. To do this simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory.

3. Change the WordPress table prefix – The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. If a hacker is able to exploit your website using SQL Injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all. If you want to change the table prefix after you have installed WordPress you can use the WP Security Scan plugin to do so. Make sure you take a good backup before doing this though.

4. Use Secret Keys – This is probably the most followed security tip on the list, but still I’m amazed at how many people don’t do this. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you. Copy the 4 secret keys to your wp-config.php file and save. You can add/change these keys at any time, the only thing that will happen is all current WordPress cookies will be invalidated and your users will have to log in again.

5. htaccess lockdown – This is actually my favorite tip from my presentation. Using a .htaccess file you can lockdown your wp-admin directory by IP address. This means only IP addresses you specify can access your admin dashboard URLs. This makes it impossible for anyone else to try and hack your WordPress backend. To do this simply create a file called .htaccess and add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx

You can add multiple “allow from” lines so make sure to add any IP addresses you plan on accessing your site from (ie Home, Office, etc). Remember most ISP use dynamic IPs so your IP address might change on occasion. If you get locked out just update your .htaccess file or delete it all together. This obviously is not a good tip if you allow open registrations as you need to allow your users access to wp-admin.

So, how many of these tips do you follow regularly?