
Nikita Popov's Blog:
Don't be STUPID: GRASP SOLID!
Dec 28, 2011 @ 15:26:14

Nikita Popov talks about the SOLID coding practices and creates his own acronym for the complete opposite - STUPID (Singleton, Tight coupling, Untestable, Premature optimization, Indescriptive naming, Duplication).

Ever heard of SOLID code? Probably: It is a term describing a collection of design principles for “good code” that was coined by Robert C. Martin (aka “uncle bob”), our beloved evangelist of clean code. [...] So, why not approach the problem from the other side for once? Looking at what makes up bad code.

He goes through each part of his STUPID acronym and talks about how it can hurt your code and a few alternatives to help make your application more flexible and easier to maintain in the long run. He also mentions GRASP (General Responsibility Assignment Software Principles), another set of good practices to follow, some similar to SOLID, that can make your app better.

tagged: stupid solid grasp development practices opinion


Stefan Esser's Blog:
CORE GRASP - PHP Tainted Mode
Aug 22, 2007 @ 21:19:27

Stefan Esser points out a new patch today - CORE GRASP - from the Core Security Technologies group that provides taint support surrounding the mysql_query function.

Their implementation adds a tainted or not flag for every byte so that it is possible on invocation of mysql_query() to determine any kind of injection.

Unfortunately, Stefan also mentions two big issues it might have from the get-go: the memory overhead can slow things down, and incorrect parsing in their query handler could lead to injection attacks.

tagged: core grasp patch php5 taint support mysqlquery security technologies

