
SitePoint PHP Blog:
MVC - a Problem or a Solution?
July 28, 2014 @ 11:42:36

The SitePoint PHP blog has a new post by Jeroen Meeus that wonders if MVC is a solution or a problem when it comes to developing web applications.

Repositories, Adapters, MVC with all its cousins, SOLID, RTFM… As a (PHP) developer, those words are thrown at you from every corner of the web. And I hate it, I've had enough. Stop telling me what to do and show me those kittens instead. [...] When solving the web-application problem, we are forced to use MVC. The dev community often frowns upon those who don't use it, but seldom lets those they're frowning upon ask why. [...] MVC doesn't solve the Code complexity problem. It doesn't solve the code reuse or no-flexibility problem either. And it doesn't guarantee decoupled code.

He goes on to talk about how design patterns don't "solve problems". Rather, they help us as developers by providing a best practice we can follow to get the job done. He suggests, though, that MVC has become "the new Singleton": it has been used so much, in so many different ways, that it's bordering on the point of being abused.

Depending on the situation, and the problem at hand, different patterns can help you write robust, secure and understandable code. Just be careful using them - if you catch yourself using the MVC pattern for a 1-pager, ctrl+a del.
mvc designpattern problem solution abuse

Link: http://www.sitepoint.com/mvc-problem-solution/

Docnet.nu:
SSL And PHP Streams - Part 1 You Are Doing It Wrong™
June 26, 2014 @ 09:54:40

On the Docnet.nu blog today they've kicked off a series looking at the use of streams and SSL in PHP and asking if you're doing it wrong in your current applications. The focus is more on the security aspect, breaking it down into a set of common problems (and how to work around them).

The upcoming PHP 5.6 release brings with it a number of improvements to encrypted PHP streams, both internally and externally. In these articles I will try to cover the most important changes, and how they affect your code. This article will focus on how to get the best security level in code that needs to be run on PHP versions below 5.6, and highlighting some of the gaps in the currently available functionality. Version 5.4.13 is the earliest version that supports all the options described below - and if you are running something earlier than this, then you really should consider upgrading to at least the latest version of the 5.4 series.

Their list is made up of six different problems:

  • Problem 1: Peer Verification
  • Problem 2: Cipher Lists
  • Problem 3: Protocol Support
  • Problem 4: TLS Compression Attack Vulnerability
  • Problem 5: Cipher Order
  • Problem 6: TLS Renegotiation Attacks

Each problem comes with a brief description of what it is and why it's an issue. Some also include code snippets showing how to correct the issue, usually relatively simply.

streams problem list solution https tutorial

Link: http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Timoh's Blog:
Aggressive password stretching - A solution to the low-entropy keys problem?
November 29, 2013 @ 10:15:30

While not specifically related to PHP, this new post from Timoh looks at the idea of "aggressive password stretching" to help with a common problem in password-based systems - the poor choice of passwords from the application's users.

Practically speaking, "weak" means a user generated password will not contain enough guessing entropy to resist an adversary who managed to gain the user database dump, and who is able to run an efficient offline attack against leaked hashes. Here comes in the need to make the adversary's job harder, which is achieved by using the above-named algorithms.

He doesn't talk much about the actual password hashing itself, focusing instead on password stretching - the addition of more information not from the user (usually from an automated source) to increase the password's entropy. He goes through some of the math about how much extra work this method requires of an attacker and some of the problems that can come with it. He talks about how much time should be spent hashing the passwords and suggests that it's "a matter of finding a sweet spot between you and attacker's patience and the security gain" and not just about the security.

A bit more on the PHP-specific side, he briefly looks at the password_hash function and some of the defaults the more current frameworks use (hint: bcrypt all the things).

Proper password hashing is clearly not enough to make sure the password hashes are not weak. The other half of the job is a good password policy. No algorithm or setting will save passwords like "password" or "12345" etc. This is why we need to make sure the user's password will initially contain enough entropy itself.
password stretching hashing aggressive entropy solution

Link: http://timoh6.github.io/2013/11/26/Aggressive-password-stretching.html

Anthony Ferrara:
Reinvent The Wheel!
August 06, 2012 @ 09:03:19

In this recent post to his site, Anthony Ferrara takes on the phrase "reinventing the wheel" and wonders if, maybe, it's not such a bad thing sometimes.

"Don't Reinvent The Wheel" is a phrase that we hear used all the time in software development. Usually it's used in the context where a library exists to do what the user wants, but they are writing their own. While the sentiment is usually correct, I can't stand the implication of the phrase. Therefore, I can't stand it when people use that phrase without understanding what it really means. Let me explain...

He notes that, while there might be things out there that do something well, it doesn't mean that the "wheel is perfect" and you shouldn't venture out and try something new. He points out two places where it could be good - when a general solution doesn't work and for education/research.

Even as a senior developer, if you never try to reinvent the wheel from time to time, you'll never push your capabilities. You'll never expand your conceptual model of problems. And if you never do that, the world will blow past you.
reinvent wheel opinion development education solution


Anthony Ferrara:
Is Autoloading A Good Solution?
July 20, 2012 @ 15:56:30

In his most recent post Anthony Ferrara takes a look at autoloading - mostly asking the question of whether the problems it has really outweigh the benefits.

The real problem that autoloaders solve is to load dependencies. [...] The normal logic that's used to justify autoloading over manual dependency loading in production is that it only loads the classes you need. Therefore you save the parsing costs of classes that you don't need. But surely that additional run-time loading has costs. So I decided to setup a test to see how expensive that additional run-time loading costs us, and to prove whether or not autoloading is worth it in production.

He gives an example of the two methods - using the spl_autoload_register method to define a loader, and loading the classes from a defined file path instead. He found the autoloading version slower than the hard-coded one (by quite a bit), but when the number of files is reduced, the performance gets much closer. He also briefly looks at two other pieces of file-related functionality: file_exists and require_once.

autoload solution performance static path fileexists requireonce


Lukas Smith's Blog:
Query parameter handling in Symfony2
May 14, 2012 @ 11:56:37

Lukas Smith is looking for feedback about a question that's been in his mind a lot lately - can the handling of query parameters be made better for the Symfony2 framework (and even easier to use).

Obviously you can already access query parameters today already but it could be easier. Essentially what I want is a way for developers to easily configure what query parameters they expect and what values they expect. This is useful for several things like easier reading and validating of query parameters, self documenting API both for API docs for humans but also for machines.

He's asking for feedback and ideas from the community on a proposed solution that could make things more flexible. He also briefly mentions route matching and how query parameters could cause routes not to match:

For one I don't think that a mismatch on a route requirement of a query parameter cause the route to not match. However then it can quickly become confusing for the end user or it would require adding more and more syntax to handle all the different cases.
symfony2 query parameter handling solution routing match


PHPClasses.org:
Lately in PHP podcast episode 13 - Dedicated PHP in Cloud Solution with PHPFog
June 30, 2011 @ 10:58:40

PHPClasses.org has posted the latest episode of their "Lately In PHP" podcast series, a look at the cloud hosting PHPFog now offers including an interview with Lucas Carlson, CEO of PHPFog.

On the Lately in PHP podcast episode 13, Manuel Lemos and Ernani Joppert interview Lucas Carlson, founder and CEO of PHPFog, to tell us about the advantages of using a Cloud Hosting service that is optimized to address needs that are specific to PHP Web sites and applications. They also comment on the PHP 5.3.6 forked version released by Robert Eisele and the PHP features being voted for inclusion in version 5.4.

You can listen to this latest episode in a few different ways - either via the in-page player, by downloading the mp3 or by subscribing to their feed.

phpfog cloud offering solution interview lucascarlson fork release


Cal Evans' Blog:
Six ways to be a better client for your developer - Point 3
January 19, 2011 @ 12:53:24

Cal Evans has posted his third tip for clients wanting to have a better relationship with the developers on their project. This new tip talks about the balance between suggestions and "being sold" on technologies.

To balance Point 2, make sure your developer fully understands the problem and has put thought into it before actually proposing a solution. If, in the first meeting they propose a solution, especially a pre-packaged solution like WordPress, Joomla or Drupal, exit the building in a calm and orderly manner. In these cases they are selling you the solution they know, not the solution you need.

He suggests that you tread carefully when it comes to software choices and don't blindly follow the suggestions handed to you. A little research is all it takes to see if their proposal is actually a good fit. Ask a lot of questions and really think about the answers before moving on.

client developer opinion sold solution


Chris Hartjes' Blog:
"U R Doin It Wrong" - Adventures with flexible forms in Zend Framework
March 23, 2010 @ 08:58:40

In a recent post to his blog Chris Hartjes has written about his (mis)adventures with Zend_Form, a powerful but sometimes difficult to use component of the Zend Framework.

Zend_Form is a super-powerful, force-of-nature tool. By force-of-nature I mean it does all this crazy stuff, and you can see it doing it, but I am not alone in admitting that taming it sometimes is very difficult. When building tools to make form programmatically you either severely limit people's options or make it so flexible that there are multiple ways to get something done.

Because the Zend Framework "treats you like an adult" it can be difficult to get just what you want from it (ease of use isn't quite top of the list). In this case, Chris wanted a relatively simple form that did some checking before it successfully submitted. Over and over the form passed without him being able to tell why - the solution was a pretty simple one, though - be sure to create all form elements before you do validation.

He includes some sample code - a "before" and "after" for the solution.

zendframework issue zendform solution


Rob Allen's Blog:
UTF8, PHP and MySQL
March 19, 2009 @ 08:43:19

Rob Allen had a problem - he needed to get the "pound" (as in the British monetary unit) into his MySQL database. His database didn't seem to want to comply:

Everyone else probably already knows this stuff, but I hit an issue today that took a while to sort out. Fortunately, some kind folks on IRC helped me, but as it's embarrassing to ask for help on the same issue twice, I'm writing down what I've learned! The problem: Get a £ character stored to MySQL, retrieved and then displayed without any weird characters in front of it using UTF8.

His solution? Make sure you're using UTF-8 everywhere, not just when trying to insert into the database - in the browser's headers (both going in and coming out) and in the MySQL database insert. He gives code examples for each, including database examples for PDO and the Zend_Db component of the Zend Framework.

utf8 mysql insert pound character example problem solution




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework