
Anthony Ferrara:
A Lesson In Security
November 03, 2014 @ 09:11:49

In his most recent post Anthony Ferrara gives a lesson in security prompted by the recent major issue with a SQL injection vulnerability in Drupal. He gets into detail about the vulnerability itself and the ultimate question: "how could this happen?"

Recently, a severe SQL Injection vulnerability was found in Drupal 7. It was fixed immediately (and correctly), but there was a problem. Attackers made automated scripts to attack unpatched sites. Within hours of the release of the vulnerability fix, sites were being compromised. And when I say compromised, I'm talking remote code execution, backdoors, the lot. Why? Like any attack, it's a chain of issues, that independently aren't as bad, but add up to bad news. Let's talk about them: What went wrong? What went right? And what could have happened better? There's a lesson that every developer needs to learn in here.

He details (complete with code examples) where the vulnerability was, how it could be exploited and what the resulting SQL would look like when it was abused. Fortunately, the fix for the issue was relatively simple, but fixing is easy - distributing that fix is much more difficult.

How did this happen? Everyone makes mistakes. Everyone. It's going to happen sooner or later. Heck, this vulnerable code was in the database layer since 2008, and was just discovered two weeks ago. That says something about how complex vulnerabilities can be.

He suggests that the bigger lesson here isn't about who made the mistake or even the code that caused it. It's more about how it was handled, and that, in using any kind of CMS/framework like this, there's always risk. People are human, people make mistakes - "the key is how you deal with it".


Link: http://blog.ircmaxell.com/2014/10/a-lesson-in-security.html

Aaron Jorbin's Blog:
Commit The Story of Writing a WordPress Patch
August 09, 2010 @ 12:57:17

For those who have considered contributing back to the WordPress project but weren't sure what the experience might be like, you should check out this helpful post from Aaron Jorbin with his story.

Hanging out in the #WordPress irc channel or on the wp-hackers mailing list, a question that comes up from time to time is 'How do I get a bug patched'. I recently had a patch committed, so I thought I would detail the process from start to finish to help others get an idea of the process.

He shares three lessons he learned during the experience - making it easy for non-coders to see the change, getting suggestions from other developers on the patch and realizing that sometimes, a small change in one place can break other things too.



Smashing Magazine:
Lessons Learned from Maintaining a WordPress Plugin
August 02, 2010 @ 11:08:05

On Smashing Magazine today there's a new article from Joost de Valk about some of the things he learned from maintaining a WordPress plugin - one to help easily track your site via Google Analytics.

Recently I released a WordPress plugin for Google Analytics that adds a tracking code and dozens of various pieces of meta data to blogs. Since the release of version 4, I've updated it 6 times, to the point where it's now at version 4.0.6. In this article I would like to share with you my experiences in maintaining this and other WordPress plug-ins and common good practices that I've distilled from that work.

He breaks it up into a few different categories:

  • Website and Account Configuration
  • Versioning Option Arrays
  • Don't Release Too Soon
  • Know Which Version People Are On
  • URLs in WordPress
  • Writing to the Root Directory
  • Rethink Your Filters
  • Never Assume


Martin Rusev's Blog:
Building a PHP Framework - Lessons Learned
February 26, 2009 @ 12:02:32

If you're thinking of trying your hand at creating your own PHP framework, you might want to check out this post from Martin Rusev about some of the lessons he learned (the hard way) about framework construction.

After using Codeigniter, CakePHP and Zend Framework for a while I decided to build my own framework. I wanted to include some features that I couldn't find the way I like them in any of the projects I tested. These are some lessons I learned the hard way. I hope you'd find some useful tips for your software projects.

The post looks at a few different topics - doing good planning before development starts, using third-party libraries, planning out the syntax the components inside of your framework will use, how to handle debugging and two tools you can use to benchmark the end result.



Deasil.com:
Lessons to be learned from PHP
January 12, 2008 @ 20:04:00

In a new post to the blog at deasil.com, they talk about some of the lessons they see that can be learned from PHP and how it works/is packaged up.

PHP, though, came along with a breakthrough idea - mod_php was an everything in one install. Unlike mod_perl, mod_php gave you a programming language, templating language and extension all in one.

He advocates for the PHP language developers' decision to include everything in the core of the language, which (while maybe not the best of decisions) has made PHP one of the most practical development languages and has helped make it one of the most popular and widely used languages on the web.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework