The Art of Data

November 2021

This month, we dive into Libsodium, discuss gatekeeping, learn more about data access, and see why even something that might be considered a “small bug” can cause massive damage.

Cryptography with Libsodium

By Vinícius Campitelli

According to the just-released 2021 version of the OWASP Top 10 (a curated list of the most critical web application security risks out there), “Cryptographic Failures” are the 2nd most important of the many security concerns we should have as web developers. These concerns include many misuses of cryptographic systems, such as choosing weak algorithms, relying on poor randomness sources, or using deprecated methods. That is why this is also the second article covering the main topics of cryptography: in our last issue, we covered the main theory, which is sometimes the cause of the errors mentioned above, and now we will see how to use libsodium, a modern library with the most recommended algorithms already built in and no weak settings available by default. It is a cross-platform tool, available on Windows, Mac, and Linux, and has been included in PHP’s core since 7.2. It also has bindings for Java, NodeJS, Python, Go, and several other languages, so it is safe to say it runs pretty much everywhere. The official website is libsodium.org, and you can find the full documentation there rather than in the PHP.net manual, which is sometimes incomplete. There is also a Quick Reference and a “Using Libsodium in PHP Projects” article on their website that help a lot, and I strongly recommend you take a look. Before we start, here are a couple of notes: first, there are lots of constants for arguments, which should be used instead of hard-coding the values, and second, both functions and constants are pretty verbose, sometimes taking up to 55 characters. But I think it’s better to express the purpose of everything instead of having to guess. Let’s begin!

Exploring the Active Record Pattern

By Alexandros Gougousis

ORMs are great for Rapid Application Development. You can get started very quickly. The price you pay is the vast complexity they hide under the hood. As your system grows, that complexity can bite you if you are not careful enough. What is more, ORM packages create heavy objects that can make your life hard when doing batch processing. It is a great blessing to know the basic principles and challenges when persisting an object to a relational database. This knowledge will help you make some critical decisions as your application grows.

Education Station: Handling Data Access

By Chris Tankersley

I would posit that nearly every application that we as developers build is designed around data access. When it comes to web applications, we spend a lot of time looking up things in databases or files to display to users. We write backend workers to read, manipulate, and store data in various ways. We build tools to access third-party applications and work with the data that they return. It’s data all the way down.

The Workshop: Intro to Craft CMS

By Joe Ferguson

Last month we covered Nitro, a local development environment that came out of the Craft CMS community. This month we’re going to dive into Craft CMS and demonstrate getting started with a basic project.

Here Be Dragons: Problem Space

By Edward Barnard

There’s a strong tendency toward “gatekeeping” right now in the 2020s. Senior developers warn “there be dragons” while announcing a “hands-off” policy toward the crucial areas of the codebase. You and I need to get past that. Where’s the fun when you can’t touch the dragons? The joy’s in experiencing software development, dragons and all. This month we’ll examine the problems of burnout and gatekeeping and see an alternative to the toxic gatekeepers’ environment. Next month will be just plain fun.

Security Corner: No Bug Too Small

By Eric Mann

Every bug report, even the innocuous-looking ones, could be evidence of a fatal flaw in your application. You owe it to yourself and your customers to vet and audit any report, even if it lacks a proof-of-concept or exploit code, or feels like an extremely hypothetical edge case.

PHP Puzzles: Compounding Interest

By Oscar Merida

Last month, we looked at how to output an amortization table to see how compounding interest affects some amount of money. Printing out such a table assumes we have a certain set of inputs. Moreover, it’s tedious, even if it is simple for a computer to do. Let’s look at other ways to calculate the time value of money.

Community Corner: Interview with Wasseem Khayrattee

By Eric Van Johnson

Off the coast of Africa, in the Indian Ocean, lies an island named Mauritius, between latitudes 19°58.8’S and 20°31.7’S and longitudes 57°18.0’E and 57°46.5’E. It is 65 km (40 mi) long and 45 km (30 mi) wide. The country spans 2,040 square kilometers (790 sq mi). It is the only known habitat of the extinct dodo, and it is where this month’s interviewee, Wasseem Khayrattee, maybe better known as 7PHP, calls home. 7PHP is the new voice on Voices of the elePHPant, and this month we sit down and talk with him about how he got started, his journey, and what he’s up to now. Grab yourself an Alouda or a Phoenix beer, queue up “Top 100 Mauritius” on Spotify, and let’s see what makes up the universe known as 7PHP.

finally{}: Roll With It

By Beth Tucker Long

The last year has been a big year of change for workplaces in a lot of the world. Every time we think we are settled into our “new normal,” things change again—variants, treatments, policies, work locations, hiring practices, staff sizes—an overwhelming amount of change. A quick internet search reveals many studies showing that rates of burnout are alarmingly high and still rising. We are all resistant to change, but should we be?
