News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paul Reinheimer's Blog:
The Danger of Hooks
January 12, 2012 @ 09:12:18

Paul Reinheimer has a recent post to his blog talking about the danger of "hooks" in your development - the functionality several frameworks and other tools come with to allow you to add functionality to the core without having to change the main source.

I ran into hooks rather simultaneously with two very different frameworks: Code Igniter and Lithium. In both cases I was using a rather nifty hook to handle ensuring that users were properly authenticated and authorized before accessing a page. [...] One day, while messing around, I accidentally turned off the hook configuration within Code Igniter (actually I clobbered a file, and restored the wrong one). Then, things came crashing down in a horrible cacophony of... actually they didn't. Everything kept working: that was the problem.

He shows two solutions he came up with to be sure that his hooks were executed - one for Lithium and the other for CodeIgniter. The Lithium one uses a "_remap" method and the CodeIgniter example uses the magic "__invoke" method to check for an "AUTH_CHECKED" constant that's only defined as a part of his hooks.

I'm no longer entirely dependent on one configuration option or file for my security to function. Should it fail, I've got a secondary check in place; this example of defence in depth allows me to be comfortable with the hooks security system once more.
0 comments voice your opinion now!
danger hook framework codeigniter lithium failure


blog comments powered by Disqus

Similar Posts

NetTuts.com: Advanced CodeIgniter Profiling With XHProf

Zend Developer Zone: PHP Abstract Podcast Episode 19: Glue Frameworks vs. Full Stack Frameworks

PHPMaster.com: Explore Aspect Oriented Programming with CodeIgniter, Part 1

CodeIgniter.com Blog: CodeIgniter Con 2010

Richard McIntyre's Blog: Weaving Lithium #li3 into a legacy PHP application incrementally


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant interview security tool language library artisanfiles podcast framework version community series release list composer laravel opinion conference symfony introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework