News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Anthony Ferrara:
Framework Fixation - An Anti Pattern
July 31, 2012 @ 09:21:59

In a recent post to his blog Anthony Ferrara takes a look at what he calls the "Framework Fixation" anit-pattern - that one of the first inclinations he sees is to use a framework when it may not be needed.

In this day in age, it seems that the community trend is completely and unequivocally trending towards the use of web application frameworks. So much so that the defacto first comment to someone asking how to do something seems to be "Just use a framework, and it'll solve the problem for you." While I completely understand why this is the case, I can't say that I agree with it. And while I do believe that frameworks serve a purpose, I think that they are vastly over-used. Let me explain why...

He starts off by describing what a framework is (its components, goals) and points out a few flaws in their use. These include the removal of emphasis on the setup/configuration/bootstrapping of the application (it's part of the architecture too!), how they can help (and hurt) in prototype situations, the myth of the shorter development time and that looking for "framework developers" that only know how to use the tool could hurt you in the long run.

0 comments voice your opinion now!
framework opinion flaw misconception


PHP.net:
PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)
May 07, 2012 @ 09:03:59

The PHP.net site as new post with some supplemental information for those users of the PHP CGI that might be effected by the recently announced bug, the reason for the most recent release. Unfortunately, this patch only fixes some of the cases of the problem, so they've amended their instructions to included a more effective mod_rewrite rule to help protect your applications.

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.

The rewrite rule is there in the post, ready for copy and pasting into your config. Even if you're running the latest PHP 5.3.12 and 5.4.2., be sure to use this rule as a stop-gap measure for now. Another release is planned for tomorrow to fully correct the CGI flaw.

0 comments voice your opinion now!
cgi flaw bug rewrite rule protect release


Hari KT's Blog:
Is there a design flaw for the Components or Packages made by Symfony2 and ZF2
March 09, 2012 @ 09:03:36

Hari K T has a new post to his blog that shares his concern about a "design flaw" in the component/package methods promoted by Symfony2 and Zend Framework 2:

Looking from outside both Symfony2 and ZF2 is full of standalone components. But the reality is not the same. Though Symfony2 components are split into each components in github, you cannot give a pull request to that component. The tests for all the components still resides in the core.

He points to the Aura framework project as a good example of how to make a truly component-centric set of tools complete with tests bundled into the component's download right next to the source.

0 comments voice your opinion now!
design flaw component symfony2 zendframework2 aura framework tests source


Developer.com:
PHP Remains Strong Despite Security Flaws
June 04, 2010 @ 12:48:20

On Developer.com today there's a new article (from Sean Michael Kerner) that talks about the Month of PHP Security effort that's been going on and how, despite over 60 issues being reported, PHP remains strong.

Over the course of May, the PHP community was hit with a barrage of more than 60 security issues. The security assault was all part of the Month of PHP Security (MOPS) effort, which disclosed the flaws. But even after so many identified security issues in MOPS, PHP experts argue that the language is not necessarily insecure.

There's several quotes from Andi Gutmans (of Zend) with his thoughts on the bugs that were reported and how important he sees them as being (hint: nothing zero-day) and how developers are still, ultimately, the ones responsible for the security of their applications.

0 comments voice your opinion now!
security flaw monthofphpsecurity mops andigutmans


Misko Hevery's Blog:
Guide Writing Testable Code
January 07, 2009 @ 10:29:39

In this slightly older (Nov 2008) but useful post to Misko's blog, he takes a look at a few common flaws that you should avoid in writing up your code (in any language really).

To keep our code at Google in the best possible shape we provided our software engineers with these constant reminders. Now, we are happy to share them with the world.

Here's the list of the flaws:

  • Flaw #1: Constructor does Real Work
  • Flaw #2: Digging into Collaborators
  • Flaw #3: Brittle Global State & Singletons
  • Flaw #4: Class Does Too Much

Each includes some warning signs to keep an eye out for to see if you and your code might be straying the wrong way.

0 comments voice your opinion now!
testable guide hint flaw avoid warning sign


Community News:
PHP 5.2.8 Released
December 09, 2008 @ 06:39:35

The PHP Group has officially released the next version in the PHP 5.2.x series (as an update to the flaw in PHP 5.2.7) - version 5.2.8:

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.

You can download this latest release from the downloads page on the main php.net website or from your favorite local mirror.

0 comments voice your opinion now!
php5 release security flaw update phpini



Community Events





Don't see your event here?
Let us know!


podcast testing series opinion framework release language laravel refactor interview code symfony2 unittest experience introduction list community threedevsandamaybe developer install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework