Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Théo Fidry:
Create and deploy secure PHARs
Jan 04, 2018 @ 13:45:57

For those Phar users out there Théo Fidry has written up a guide to help you create and deploy them securely with the help of a few tools and OpenSSL to sign the release to ensure integrity.

For those who are not familiar with it, PHAR (Php Archive) is analogous to the JAR file concept but for PHP. It allows you to package an application into a single file making it convenient to deploy or distribute.

[...] So what are PHARs useful for then? Well still the same thing: packaging applications. Although not many people may want to use this technique for web applications, it is still extremely useful for console applications.

The tutorial starts off by showing a few different methods for installing Phars and how to build them from your code. While they can be built manually, he suggests using the box project to help make it simpler. It also covers self-updating phars and shows how to update the box.json configuration to use a generated key to sign the release. Finally it covers a method for using Travis-CI to auto-build the phar and how to keep the OpenSSL key safe and out of the checked in code.

tagged: phar tutorial install create sign openssl box build travisci

Link: https://medium.com/@tfidry/create-and-deploy-secure-phars-c5572f10b4dd

Misko Hevery's Blog:
Guide: Writing Testable Code
Jan 07, 2009 @ 10:29:39

In this slightly older (Nov 2008) but useful post to Misko's blog, he takes a look at a few common flaws that you should avoid in writing up your code (in any language really).

To keep our code at Google in the best possible shape we provided our software engineers with these constant reminders. Now, we are happy to share them with the world.

Here's the list of the flaws:

  • Flaw #1: Constructor does Real Work
  • Flaw #2: Digging into Collaborators
  • Flaw #3: Brittle Global State & Singletons
  • Flaw #4: Class Does Too Much

Each includes some warning signs to keep an eye out for to see if you and your code might be straying the wrong way.

tagged: testable guide hint flaw avoid warning sign

Link: