Insufficient Transport Layer Security (HTTPS, TLS and SSL)
Communication between parties over the internet is fraught with risk. When you are sending payment instructions to a store using their online facility, the very last thing you ever want to occur is for an attacker to be capable of intercepting, reading, manipulating or replaying the HTTP request to the online application. You can imagine the consequences of an attacker being able to read your session cookie, or to manipulate the payee, product or billing address, or simply to inject new HTML or JavaScript into the markup sent in response to a user request to the store.
Automatic Testing Laravel Project use Codeception
As we know, Codeception is a framework that helps us perform automated testing on PHP-based applications. As stated on its website, Codeception collects and shares best practices and solutions for testing PHP web applications. With a flexible set of included modules, tests are easy to write, easy to use and easy to maintain. Codeception encourages developers and QA engineers to concentrate on testing and not on building a test suite.
Running the Laravel Scheduler and Queue with Docker
In Laravel, one of the tricky changes when switching from a virtual server to Docker is figuring out how to run a scheduler and a queue worker. I see this question come up quite a bit when PHP developers are trying to figure out how to use Laravel with Docker.
Cost and value of DocBlocks
Over the years I have added, updated, and removed a lot of DocBlocks. I have also suggested to add, update, or remove DocBlocks many times, as well as explained why I believe a DocBlock makes sense in one case, and doesn't in another. In order to have a document I can refer to if I need to explain my reasoning again, I'm writing this blog post - maybe it's of use for you as well.
What you need to know about environment variables with PHP
Environment variables for configuration are today's best practice for application setup - database credentials, API Keys, secrets and everything varying between deploys are now exposed to the code via the environment, instead of configuration files or worse, directly hard-coded.
5 PHP Coding Standards You Will Love and How to Use them
Setting a coding standard is very important in team development. Agreeing on one coding standard helps keep your code neat and easy to read and also makes it easy to see the difference in your code when reviewing them. Unfortunately, coding standards for PHP are different between frameworks and PHP versions.
Picking the right API Paradigm
A while back I wrote an article called Understanding RPC, REST and GraphQL which outlined the "what" in how these various approaches differ. This got a few people thinking I was saying REST was drastically superior in all ways, which is a common conclusion when folks hear me describe REST as a layer of abstractions on top of RPC… More abstractions does not mean definitively "better", sometimes that's going to be overkill, so let's look at when you might want to use which.
Learning Design Patterns with Symfony
Established in the 70's by the "Gang of Four", Design Patterns are general reusable abstract solutions to solve often recurring problems in software design. Object oriented frameworks leverage them to design robust, extensible and testable code, letting developers build their applications on top of solid foundations. In this workshop, you'll (re)discover tens of the original design patterns, why and how they're implemented in Symfony.
Is Your Code Readable By Humans? Cognitive Complexity Tells You
Cyclomatic complexity is a static analysis measure of how difficult code is to test. Cognitive complexity tells us how difficult code is to understand by a reader.
Today, we'll see why the latter is better and how to check it in your code with a Sniff.
Creating Domain Services
An important concept in Domain Driven Design is the modeling of domain logic in Entities and Value Objects.
As we've seen over the last couple of weeks, we can use Value Objects and Entities to model and protect the business logic of our applications.
WordPress Security As A Process
Last year, WordPress was responsible for 83% of infected content management sites. Make sure you're not contributing to those infections and learn how to securely manage WordPress.
Use associative arrays basically never
The other day I was working on some sample code to test out an idea that involved an object with an internal nested array. This is a pretty common pattern in PHP: You have some simple one-off internal data structure so you make an informal struct using PHP associative arrays. Maybe you document it in a docblock, or maybe you're a lazy jerk and you don't. (Fight me!) But really, who bothers with defining a class for something that simple?
A Docker-Compose PHP Environment From Scratch
Containerization. People are raving about it. But how do we get started? These Dockerfile things seem so foreign, and besides, how do we get different containers for our different services? After all, if we shoved them into one, it's kind of defeating the purpose.
Never type hint on arrays
Let's be controversial: In modern PHP, you should never type-hint an array.
Before you start throwing tomatoes, hear me out.
PHP allows you to specify the type of a function/method parameter or return value. These return values can be any legal PHP type, which includes any class or interface type, various scalars, and some fancy pseudo-types like callable and iterable.
Introduction to TOML Configuration in PHP
TOML is a configuration file format language that is intended to be minimal and easy to read. TOML stands for "Tom's Obvious, Minimal Language," which refers to the creator Tom Preston-Werner.
Setting up PhpStorm with Xdebug for local development on Docker
In the second part of this tutorial series on developing PHP on Docker we're taking a good hard look at PhpStorm, Xdebug and how to run and debug scripts from within PhpStorm on Docker.
Code Complexity is a Design Problem
As a designer, there is a scenario I've experienced far too many times. It goes like this: Everyone from the product team is gathered in a conference room. Design has just finished presenting a set of upcoming features, and there is a long, silent pause. Finally, a developer speaks up. "Do we really need to build this?", she says, unsmiling. The room is filled with tension. Arms are crossed.
Remote Code Execution on packagist.org
There was a remote code execution vulnerability on packagist.org, the default package server behind Composer, a PHP package manager. Packagist currently serves around 400 million package downloads per month.
Building a Password Less Authentication System with Laravel Signed Routes
I've seen many modern apps offering passwordless authentication on their platforms. A lot of social media and email platforms are also offering login through their API systems by providing the limited data necessary for user registration.
A lot of modern web and mobile apps use social login to give a great user experience on their platforms.
Today in this blog post, I'm explaining the process of customizing your own passwordless authentication system with the Laravel framework.