As our web applications grow in complexity we often find the need for background processing. Sending email blasts, transforming data sets, and other long-running tasks are not the kinds of things you want to do in a web request. In this article, we cover how to build long-running daemons and how to scale up our backend architectures with concurrency, all using PHP. With a little bit of planning and a queuing system, we can turn linear PHP scripts into multi-processor, multi-server powerhouses.
Why wait until production deployment to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they’re exposed on the web, establishing a firmer trust between your website and your client. We explore using tools such as Burp Suite and more to validate proper Apache/NGINX configurations, and to be compliant with modern configuration standards such as OWASP Secure Headers Project and SSL Labs recommendations. In this article, you will see examples of vulnerabilities which were detected early on, as well as how to integrate these practices into your daily workflow.
Generators introduce sanity to the world of asynchronous, concurrent execution within a single process. In this article, we’ll look at what generators are, how they show up in PHP, and how they make concurrency a bit more sane compared to callback and promise alternatives. Then, we’ll see what a PHP application looks like when built on top of a generator-based framework instead of the typical “run one process per request and block on I/O” approach.
Sessions in PHP are often taken for granted. A session is a magic array which persists across page loads and holds user-specific data. It’s a fantastic and integral part of most web applications. But when misused, sessions can cause substantial security holes, performance and scalability problems, and data corruption. A deep understanding of sessions is vital to production web development in PHP.
Every application you work on will have some way to deal with a data set, which will take the form of arrays. If you have a more modern application, you may have a class which represents a data set with specific attributes and helper methods. Laravel is no different and takes the entire idea of a data set to the next level by using Collections.
There will come a time when you will need to add to your team. This can be due to a team member leaving, the workload becoming more than your team can handle, or just because you want to expand what your team does. In any of those cases, you will need to start the arduous task of finding someone new to bring to your team.
Last November, the Open Web Application Security Project (OWASP) published a new list of their “top ten” application security risks (ASRs). These are the most commonly encountered coding and security issues on the web according to an industry survey and the opinion of leading developers in the field. One of the newer ASRs to make the list is Insufficient Logging and Monitoring, something every PHP application can easily avoid.
For the last couple of columns, I’ve done interviews within the community, but in this issue I wanted to change the pace a bit. Open source software is the foundation upon which the web is built. Linux, Apache, NGINX, PHP, and all the libraries, many of the databases, and much of the software we use: it’s all open source software. What does that mean for us?
We expect a shortage of software engineering talent in 2018. Those with a deeper understanding of how things work will most benefit from the shortage. Let’s bring in 2018 by taking on one of those fundamentals, binary arithmetic, but with a twist: We’ll use XOR and AND logic for our implementation.
I’m usually not one to make resolutions at the start of a New Year. Mostly because I almost immediately would break them all. But I’ve been thinking a lot lately about upcoming topics in technology and cool things on the horizon. So I want to present a list of things that I will be keeping an eye on and learning more about this year, and suggest that you join me in the process.