Archive for April, 2008

Web application security

April 28, 2008

I’ve been keeping an eye on The Hacker Webzine for a while now just so I’m up to speed on security issues, and today Roland posted a very handy (I hope) .htaccess file that will act as a firewall against 99% of known attacks against web applications. Check out his “My web application firewall” post here.

Zend_Form

April 22, 2008

I was kinda mystified as to why anyone would make forms using php rather than just doing them with html, but the PEAR forms module seems to be popular and before Zend put a forms module in their framework there was a lot of moaning about its absence, so I thought I’d try out the ZF module and find out what the fuss is about.

Still mystified. Using Zend_Form wasn’t any quicker from a coding point of view than just making a form in a view and having a separate validation object, and it’s way slower to run. Won’t be rushing to use it again.

Zend framework

April 18, 2008

After my favourable impression of Project Pier, which uses a cake php style MVC architecture, I thought I’d give the Zend Framework a whirl, and after struggling a bit at first I’m slowly being convinced that I’ve made a good decision – it’s certainly helping standardise development (and encourage code re-use!) here where I work at the minute, which is very positive. We’ll stick with it for a while now and see how it goes.

I suppose it’s funny I’m only trying this stuff out now, but I was a late adopter of php5, so I was using mostly procedural code on account of the poor performance of OO stuff in php4 (see http://phplens.com/lens/php-book/optimizing-debugging-php.php). When the announcement came that development work on php4 was being discontinued I had to switch over, so I did some benchmarking and discovered objects are now fast. It’s nice, there’s something pleasing about optimising for code elegance rather than fretting about performance the whole time 🙂