News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

DevCentral Blog:
Why Is Reusable Code So Hard to Secure?
January 08, 2010 @ 10:28:42

In this recent post to the DevCentral blog (from f5.com) they ask why reusable code, one of the foundations of good development (especially in PHP) is so hard to secure.

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to secure the application it also makes implementing security more difficult.

The article talks about a project the author was working on and how, when he came across a need for a component and found one that worked, they were surprised to see how difficult it would be to secure it without adding on extra code bloat. He describes some of the issue and talks about how the development of the component must not have included any thought into things like input validation or filtering. One suggestion is to employ a firewall to sit in front of the entire application and handle all of these things without changes to the code.

2 comments voice your opinion now!
reusable code security filter firewall


blog comments powered by Disqus

Similar Posts

NETTUTS.com: Can You Hack Your Own Site? A Look at Some Essential Security Considerations

DevShed: Validating Octal and Hexadecimal Values with Filters in PHP 5

PHP.net: PHP 5.2.1 and PHP 4.4.5 Released

DevShed: Validating IP Addresses with Filters in PHP 5

Timothy Boronczyk's Blog: Spaghetti Code Considered Harmful


Community Events











Don't see your event here?
Let us know!


introduction code application component series symfony2 package example framework hack hhvm composer language release security overview facebook unittest podcast install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework