info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-26 23:04:36 +02:00
Code Issues Projects Releases Wiki Activity

Continuing with the restructuring.

Browse Source 
Making space for libraries.
Bringing security themed topics under single subject.
This commit is contained in:
Kris Jordan
2012-07-09 10:57:18 -04:00
parent fb3aaff653
commit d4b2fd2276
8 changed files with 56 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
_includes/input-filtering.md
View File

@@ -1,15 +0,0 @@
# Input Filtering
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
* [Learn about `filter_var`][1]
* [Learn about `filter_input`][2]
[Back to Top](#top){.top}
[1]: http://php.net/manual/en/function.filter-var.php
[2]: http://www.php.net/manual/en/function.filter-input.php

9
_includes/popular-frameworks.md → _includes/libraries-and-frameworks.md
View File

@@ -1,10 +1,12 @@
# Popular Frameworks
# Libraries and Frameworks
## Web Frameworks
Rather than re-invent the wheel, many PHP developers use _frameworks_ to build out web applications. Frameworks abstract away many of the low-level concerns and provide helpful, easy-to-use interfaces to complete common tasks.
_You do not need to use a framework for every project_. Sometimes, plain PHP is the right way to go. But if you do need a framework, here are a few of the most popular ones (in alphabetical order):
## Full-Stack Frameworks
### Full-Stack Frameworks
* [CakePHP](http://cakephp.org/)
* [CodeIgniter](http://codeigniter.com/)
@@ -16,11 +18,10 @@ _You do not need to use a framework for every project_. Sometimes, plain PHP is
* [Yii](http://www.yiiframework.com/)
* [Zend](http://framework.zend.com/)
## Micro Frameworks
### Micro Frameworks
* [Fat-Free](http://bcosca.github.com/fatfree/)
* [Limonade](http://limonade-php.github.com/)
* [Silex](http://silex.sensiolabs.org/)
* [Slim](http://www.slimframework.com/)
[Back to Top](#top){.top}

17
_includes/passwords.md
View File

@@ -1,17 +0,0 @@
# Password Hashing with Bcrypt
Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
There are several Bcrypt libraries for PHP that you may use.
* [Read "How to Safely Store a Password" by Coda Hale][1]
* [Use Bcrypt with PHPAss][2] (odd name, I know)
[Back to Top](#top){.top}
[1]: http://codahale.com/how-to-safely-store-a-password/
[2]: http://www.openwall.com/phpass/

4
_includes/links-and-resources.md → _includes/resources.md
View File

@@ -1,6 +1,4 @@
# Links and Resources
Here are some miscellaneous resources that are worth a read.
# Resources
## From the Source

43
_includes/security.md Normal file
View File

@@ -0,0 +1,43 @@
# Security
## Web Application Security
There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
* [Read the OWASP Security Guide][2]
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents
## Password Hashing with Bcrypt
Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
There are several Bcrypt libraries for PHP that you may use.
* [Read "How to Safely Store a Password" by Coda Hale][3]
* [Use Bcrypt with PHPAss][4] (odd name, I know)
[3]: http://codahale.com/how-to-safely-store-a-password/
[4]: http://www.openwall.com/phpass/
## Input Filtering and Sanitizing
Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
* [Learn about `filter_var`][5]
* [Learn about `filter_input`][6]
[5]: http://php.net/manual/en/function.filter-var.php
[6]: http://www.php.net/manual/en/function.filter-input.php
[Back to Top](#top){.top}

11
_includes/web-application-security.md
View File

@@ -1,11 +0,0 @@
# Web Application Security
There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
* [Read the OWASP Security Guide][2]
[Back to Top](#top){.top}
[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents