PHPDeveloper.org: Ed Finkler's Blog: The Zend Framework and Its Influence on Secure PHP Development

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

Site News: Job Postings for the week of 11.23.2008

KillerPHP.com: Creating a Wordpress Theme from Scratch (Video)

Chris Hartjes' Blog: Handling Multiple Environments In Your PHP Application

Ed Finkler's Blog:
The Zend Framework and Its Influence on Secure PHP Development

by Chris Cornutt March 16, 2007 @ 08:28:43

Ed Finkler has an interesting new post on his blog today that looks at what kind of influence the Zend Framework has had on the PHP community's outlook on secure web development.

I posted this rather lengthy argument in the Zend fw-core mailing list after I learned that the Zend_Filter_Input component had been dropped from the Zend Framework. I have used this component extensively in various projects, and had written up a contribution to the Zend DevZone that described using a bootstrap script to block direct access by your developers to the superglobal user input arrays ($_GET, $_POST, $_COOKIE, etc).

He includes the post and talks about things like the good side of PHP's popularity and the bad side (like developers that cannot write secure applications). He targets the Zend Framework as one tool that has made it slightly harder to write secure applications (as of the move from 0.7 to 0.8 because of small things like having to create a filter object to do any filtering).

The key to his complaint is the removal of the Zend_Filter_Input component which, from his perspective, made things easier to secure and made for simpler and cleaner code.

0 comments voice your opinion now!
secure development zendframework future zendfilterinput secure development zendframework future zendfilterinput

Similar Posts

IBM developerWorks: PHP frameworks, Part 1: Getting started with three popular frameworks

Developer Tutorials Blog: 4 PHP Professional Development Paths

Jani Hartikainen's Blog: Making a PDF generator class using Zend_Pdf

Micah Carrick's Blog: Customizing gedit as a Web Developer's IDE

Rob Allen's Blog: View Helper Case Notes

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework