PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Symfony Blog: Running a TV station with symfony

Eli White's Blog: Conferences, Speakers & Presentations

Ibuildings techPortal: Zend Studio formatted for Zend Framework and ATK

NETTUTS.com: How to Create a PHP/MySQL Powered Forum from Scratch

InsicDesigns Blog: Embracing PHP 5.3 MVC with MiMViC

Brandon Savage's Blog: Learning Zend Framework: A Case Study

Ibuildings Blog: New white paper: Continuous Integration

Site News: Blast from the Past - One Year Ago in PHP

P'unk Avenue Blog: Faster, PHP! Kill! Kill!

Jack Diederich's Blog: Comparing the Ruby/PHP/Python C Interpreters

feed this:

PHP Discovery Blog:
Dangers of Remote Execution

by Chris Cornutt November 21, 2007 @ 13:48:00

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could effect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

0 comments voice your opinion now!
danger remote execution pregreplace include eval shellexec exec require danger remote execution pregreplace include eval shellexec exec require

Ivo Jansch's Blog:
The danger of Fluent interfaces

by Chris Cornutt December 30, 2005 @ 07:07:45

On Ivo Jansch's blog today, he takes the other side of things on the issue of fluent interfaces.

After Martin, Mike and Paul have demonstrated the usefulness of Fluent Interfaces, I'd like to take a look at the downside.

Ironically, Martin's original example already demonstrates the problem. (In the example) newOrder could be implemented in two ways: Create an order and return that new order, and Add an order to this customer and return the customer.

This can lead to confusion; the 'with()' method employs method b. If you think that newOrder returns an Order, and hence 'with()' is a method of the Order class, look at 'skippable'. Martin states that order lines are skippable. So what's in front of skippable() is an OrderItem. That means that with() must have returned an OrderItem. If that is true, then with() is a method of OrderLine too!

Confused yet? Well, be sure to check out his examples - they help to clear up at least the items mentioned above. His point is that, while the fluent interface does make it more readable, it can also make it more confusing - taking things down to such a simple level can sometimes eliminate some needed complexity to make things work properly (or as the user percieves "properly" to be)...

0 comments voice your opinion now!
danger fluent interface simplicity confusing danger fluent interface simplicity confusing

Community Events

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework