How to make sure including files with opening '/' is secure [closed] - php

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
From your experience, are there any security measures that one should undertake on a VPS before including files with absolute paths (opening with /, e.g. /common/lib.php or /images/image.jpg)?

Yeah, there is one for sure.
Make sure that you have turned display_errors off, so that any error messages you get are invisible to the user.
Then make these paths real, by adding $_SERVER['DOCUMENT_ROOT'] to them or in any other way.
And yes, as long as you are using this kind of code
include $_SERVER['DOCUMENT_ROOT'].'/common/lib.php';
with no dynamically generated filenames,
you may consider yourself safe.
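The answer's pattern, carried one step further as an added example (not code from the original post): the include is rooted at $_SERVER['DOCUMENT_ROOT'], and for the case the answer warns about (a filename that is not a fixed literal) the path is checked against an allow-list and against its resolved location. The function name and the ALLOWED_INCLUDES list are hypothetical.

```php
<?php
// Added example: resolve an include relative to DOCUMENT_ROOT and refuse
// anything that is not allow-listed or that resolves outside the root.
// Function and constant names are hypothetical.
declare(strict_types=1);

/** Files this entry point may include, relative to the web root. */
const ALLOWED_INCLUDES = ['/common/lib.php', '/common/db.php'];

/**
 * Return the real filesystem path for $relative (e.g. '/common/lib.php'),
 * or null if it is not allow-listed, does not exist, or resolves outside
 * $docRoot (for instance through '..' segments or a symlink).
 */
function safe_include_path(string $relative, string $docRoot): ?string
{
    if (!in_array($relative, ALLOWED_INCLUDES, true)) {
        return null;                       // unknown/dynamic name: refuse
    }
    $root = realpath($docRoot);
    $real = realpath($docRoot . $relative);
    if ($root === false || $real === false) {
        return null;                       // missing file or bogus root
    }
    // Prefix check including the trailing separator, so that a root of
    // '/var/www' does not accept a file under '/var/www2'.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Usage, following the answer: display_errors off so a failure never
// echoes server paths to the visitor; details go to the server log only.
ini_set('display_errors', '0');
$path = safe_include_path('/common/lib.php', $_SERVER['DOCUMENT_ROOT']);
if ($path === null) {
    error_log('refused include: /common/lib.php');
    http_response_code(500);
    exit;
}
include $path;
```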

Related

Do you advise against using text files instead of database? [closed]

Closed 8 years ago.
To make things short: I'm writing an anonymous forum software with PHP. I just feel like using a database is overkill and restrains my amateur skills. Do you advise against using text files instead of database?
Thanks.
A database has advantages like some sanitation (no breaking of delimiters, newlines etc.) and less danger of access conflicts when multiple instances try to read from the table - and unlike a file-based approach, writing conflicts are constrained to the record in question only.
Recommendation: use a database.
To make things short: Yes. I strongly advise against text files.

Require email registered to be from specific domain(s) [closed]

Closed 8 years ago.
All,
I'm curious what the best approach to this would be. In case the tags weren't noticed, I'm using PHP and Laravel 4.
My application requires that users register with an email address that is from specific domain names. Currently there is only one domain, however, I can see it being a requirement to white list others.
I would assume it would be best to put the domains into an array. Would I run a regex from the $rules array against that array? I'm somewhat green to regex. I don't use it often enough to commit anything advanced to memory, so feel free to talk to me like a 2-year-old.
You can create a custom validator for this. See http://laravel.com/docs/validation#custom-validation-rules for reference.
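One way to write that custom rule in Laravel 4, as an added example that is not part of the original answer or of Laravel's own code: the domain after the last '@' is compared as a whole, case-insensitively, against the allow-list instead of through a regex. The rule name email_domain, the $allowedDomains array and the controller class are hypothetical.

```php
<?php
// Added example (hypothetical names): a Laravel 4 custom validation rule
// that accepts an e-mail address only when its domain is allow-listed.

$allowedDomains = ['example.com', 'example.org']; // keep entries lowercase

Validator::extend('email_domain', function ($attribute, $value, $parameters) use ($allowedDomains) {
    if (!is_string($value)) {
        return false;
    }
    $at = strrpos($value, '@');
    if ($at === false) {
        return false;                          // no '@' at all
    }
    // Exact whole-domain match. An anchored-suffix regex or a substring
    // check would also accept unrelated domains that merely contain or
    // end with the allowed name; comparing the full string does not.
    $domain = strtolower(substr($value, $at + 1));
    return in_array($domain, $allowedDomains, true);
});

class RegisterController extends BaseController
{
    public function postRegister()
    {
        // The built-in 'email' rule checks syntax first, then the custom
        // rule checks the domain. The third argument gives the message
        // shown when the custom rule fails.
        $rules    = ['email' => 'required|email|email_domain'];
        $messages = ['email_domain' => 'The :attribute must belong to an approved domain.'];

        $validator = Validator::make(Input::all(), $rules, $messages);
        if ($validator->fails()) {
            return Redirect::back()->withErrors($validator)->withInput();
        }
        // Validation passed: registration continues here.
    }
}
```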

Does it have any effect on performance to change functions.php to functions.php.inc [closed]

Closed 9 years ago.
I have stored all my necessary functions in a file functions.php.inc and I use this at the top of each page like this
require_once("functions.php.inc");
I want to know whether there is any effect on performance from having this name. If I change functions.php.inc to functions.php, will it give better performance, or is there no difference?
Besides the .inc warning given in comments, there should be no performance impact (an extra 4 characters of comparison, negligible; the file system is also very comfortable with having to deal with a 13 or 17 character file name).
Also, in recent versions of PHP, the APC cache is included (by default), meaning that there is no extra parsing of the file that requires that inc file (just the first time it is accessed). Then APC checks the file status (from the file system) to detect a change when it is accessed again in further requests.

PHPDoc Function Changelog (#change?) [closed]

Closed 5 years ago.
What is the best way to document changes in a function with PHPDoc? Something like
#change 2010.20.16 user added feature x
#change 2010.20.26 user added feature y
would be great. But assume there's no #change option... If I add it anyway, what will PHPDoc do with it? Or is there a better / more correct way to document function changes?
It might be better to just dump your SCM log into a changelog txt file than to try to embed it into the source code.
Reasons why:
Staleness - It won't do anyone any good if you stop adding change notes which is likely to happen if having to go on a coding marathon/sprint of doom.
Unconventional - I can't remember seeing a project with that in depth of inline documentation. Sometimes conventions are flat out stupid, but I think the wisdom for this one is cutting down on maintenance.

Session handling in PHP [closed]

Closed 4 years ago.
What is the best & most secure way you've handled sessions in a PHP application? I want to know the best, most robust and secure method there is. :)
Your session data will be pretty safe. If you want to make it even safer, encrypt it. Beyond that, you'll have to be more explicit about what you desire.
That would depend on your environment. If you're using a shared host, it may be possible for other customers hosted on the same box to access your session data. If that's the case, it might be safer to store it in a database. But every server is different. Can you elaborate on your setup, and what you're trying to protect against?
