
Anthony Ferrara:
Educate, Don't Mediate
Oct 21, 2014 @ 16:53:55

In his latest post Anthony Ferrara makes a suggestion about teaching developers how to solve problems via a "quick fix" versus educating them about the real problem: educate, don't mediate.

Recently, there has been a spate of attention about how to deal with eval(base64_decode("blah")); style attacks. A number of posts about "The Dreaded eval(base64_decode()) - And how to protect your site and visitors" have appeared lately. They have been suggesting how to mitigate the attacks. This is downright bad. The problem is that these posts have been suggesting things like "Disable eval()" and "Disable base64_decode()" as possible solutions. And while technically that would work, it completely misses the point, and does nothing to protect users.

He suggests that developers shouldn't just look for a "quick fix" solution posted in a tutorial somewhere and go on their merry way. One danger in this is that those instructions may only patch part of the problem, not all of it. In this case, disabling eval()/base64_decode() is only a code-level fix. If this exploit exists in your application, the attacker was already able to write to the local file system - a much bigger problem.
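To make that distinction concrete from the defender's side, here is an added example (not code from Anthony's post or from phpdeveloper.org) that treats the injected eval(base64_decode()) line as a symptom and the unauthorized file write as the actual incident. It checks a webroot two ways: a SHA-256 manifest diff against a known-good baseline, which catches the modified or added file whether or not eval() is enabled, and a pattern scan for the injection shape the post describes. The webroot, file contents and base64 payload are constructed inline for the demonstration; the function names are my own.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

# Shape of the injected code the post discusses: eval(base64_decode("...")),
# tolerating whitespace and case variations.
INJECTION_RE = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the SHA-256 of every file under root, keyed by POSIX-style relative path.
    Take the baseline from a known-good deployment (the release artifact), never from a host you already suspect."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifest(root: Path, manifest: dict) -> dict:
    """Diff the live tree against the manifest. The write that planted the backdoor
    shows up as a modified or added file regardless of which PHP functions are disabled."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(manifest)),
        "removed": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in current.keys() & manifest.keys()
                           if current[p] != manifest[p]),
    }


def scan_for_injection(root: Path) -> list:
    """Return (relative path, 1-based line number) for every line matching the injection pattern."""
    hits = []
    for p in sorted(root.rglob("*.php")):
        for n, line in enumerate(p.read_bytes().splitlines(), start=1):
            if INJECTION_RE.search(line):
                hits.append((p.relative_to(root).as_posix(), n))
    return hits


def demo() -> dict:
    """Build a constructed webroot, baseline it, tamper with it, and report what each check finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        (root / "index.php").write_text("<?php\nrequire 'inc/config.php';\necho 'hello';\n")
        (root / "inc" / "config.php").write_text("<?php\n$db = 'constructed';\n")
        baseline = build_manifest(root)

        # Constructed tampering: append an injected eval(base64_decode()) line to an
        # existing file and drop a new file the deployment never shipped.
        payload = base64.b64encode(b"echo 'constructed sample';").decode()
        with (root / "index.php").open("a") as f:
            f.write(f'eval(base64_decode("{payload}"));\n')
        (root / "inc" / "cache.php").write_text("<?php\n// constructed unexpected file\n")

        return {"diff": compare_manifest(root, baseline), "hits": scan_for_injection(root)}


if __name__ == "__main__":
    print(demo())
```

The manifest diff is the check that matters for the point made above: the pattern scan only finds the one injection style it knows about, while the hash comparison flags every file the attacker touched, including the dropped inc/cache.php that contains no eval() at all. A positive result from either means the file system was writable by someone it should not have been, which is the problem to fix.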

tagged: educate mediate opinion bugfix quickfix eval base64 encode decode

Link: http://blog.ircmaxell.com/2014/10/educate-dont-mediate.html

Community News:
An Effort to Deprecate the MySQL Extension
Jul 15, 2011 @ 14:48:17

According to this new post to the PHPClasses.org blog today, the core PHP development team has put plans in motion to try to remove the original MySQL extension from the default PHP installation.

PHP core developers are planning to kill the PHP original MySQL extension. If you have been using MySQL in your PHP applications for a long time, this may seriously affect you.

Right now it's just in the proposal stage (as suggested by Philip Olson) but, if fully acted upon, it could have large implications for a number of PHP applications currently using MySQL. For now, though, Philip is only suggesting educating the PHP user base that they should migrate to either pdo_mysql or mysqli for the future of their apps. Most of the comments following in the mailing list thread are supportive of the effort. They note that it won't be an easy task and, in the end, will still be a "bitter pill" for developers to swallow when the switch is finally thrown.

For the full thread of this discussion, see here and keep clicking through on the "next in thread" link.

tagged: mysql extension deprecate educate database mailinglist internals
