Security is not easy. Programmers should leave things like random number and identifier generation to a library (or at least research the best way to do it). A lot of projects learned it the hard way.
Take, for instance, a function I encountered about six months ago:
function generateRandomKey($len = 20)
{
    $string = '';
[...]
Tag Archives: Symfony
Security is not easy
Posted in PHP, Symfony Also tagged entropy, full disclosure, PHP, random numbers, security
Extract from Doctrine_Record
/**
 * returns an array of modified fields and associated values
 * @return array
 * @todo What about a better name? getModifiedFields?
 */
public function getModified()
{
[...]
Extending plugins in PHP and Symfony
Plugins are great, but they are never exactly what you wanted. When they are designed properly, the best way to customize them is to extend them instead of editing them directly.
Now, imagine I have:
# Penguin.class.php
class Penguin
{
    public function __construct()
    {
        echo "Windows is bad\n";
    }
}
# Herd.class.php
class Herd
{
    public [...]
Posted in PHP, Symfony Also tagged autoloading, inheritance, monkeypatching, PHP, plugins