Today I’ve released a complete rewrite of the Amazon S3 extension for Download Monitor. Amazon introduced version 4 of their Signature back in 2013 that required a different, more complicated and secure, way of signing the S3 requests. All currently existing regions would support the old (2) and new (4) signature but new regions would only support the new one (4).
Here comes Frankfurt
The latest Amazon S3 region Frankfurt (technically: eu-central-1) is the first region created after this change and will therefor only work with the version 4 signature. So if you were using the Amazon S3 extension for Download Monitor and would use the Frankfurt region, your download wouldn’t work. Luckily Amazon added support for the the version 4 signature to all their older regions, so all I needed to do was update the extension to use the new signing method.
The Amazon Web Services SDK
The older version of our extension would sign the requests by creating a hash based on a handful of arguments, combining public and private data. The new signing process is an 8-step process, creating SHA256 hashes and then constantly using those hashes as data or keys for other hashes. It’s quite a complex process that most don’t have to look into because they’ll simply use the AWS SDK. The AWS SDK, created by Amazon, does all the signing steps for you. You only have to give it the dynamic arguments like access keys and buckets and it will generate the new signed request for you. But the AWS SDK had one issue for WP developers, it requires PHP 5.5 (or higher).
Reinvent the Wheel or Bump PHP Requirement
So I had to choose. Would I completely rebuild (quite a large) SDK to make it compatible with PHP 5.2, or would I bump my PHP version requirement to 5.5. It’s funny that being in the WordPress scene so long, PHP 5.5 feels like a crazy high version to require from a user. But then I reminded myself that PHP 5.4 will not receive security updates anymore in 1 month. PHP 5.5 will be the lowest secure PHP version one month from now.
I decided to bump the PHP requirement to 5.5 for this extension. I could blame this on Amazon but if you think about it, the blame is actually on WordPress.
Fair enough if you ask me…
What’s the alternative? Stay in the dark ages forever? There always comes a point where legacy systems need to be upgraded to stay relevant.
I totally agree with you and would recommend the same to everyone but it’s always a bit more scary when you’re the one releasing the update!
Definitely the right call, thanks for being one of the few brave developers that help pushing hosts to get their act together.
More plugins requiring modern day PHP versions › more users caring (it’s sad that they have to) › more hosts pushed to update their PHP packages.
Rock on buddy!
Thanks for the support mate 🙂
How many users will benefit from the added region vs people who will not be able to upgrade due to their hosts not offering that version of PHP? Why couldn’t you just ignore that new region?
People that do not upgrade their hosting, also do not upgrade their software. Running web software on servers and software that has not had security updates in YEARS is just totally irresponsible. If hosters do not upgrade their PHP version, why would they update their kernals, webservers and database servers? Or things like OpenSSL? If your host only support 5.2, you should have left that hosters years ago!
Supporting 5.5 and up for now is a great move. It takes a few of these moves to move the scene forward!
And if you still have 5.2, you can also run the old version of the plugin. If you don’t upgrade, you also don’t deserve the cool new stuff.
Hey Paul,
I understand where you’re coming from but I think you have to look at this issue in the long term as well. At the moment PHP 5.4 is still maintained, in a month it isn’t anymore. At the moment there’s just 1 new Amazon region, in a year there might be many more.
Also, like Casper also said, there is no need to upgrade from the old extension at the moment. If you’re at a host that doesn’t support PHP 5.5 you can keep using the old extension version while you’re looking for a new host.
Hope this answers your question, thanks for your feedback!
Kind Regards,
Barry Kooij