PHP and filepro - login lesson
Jose Lerebours
fpgroups at gmail.com
Thu Apr 12 15:00:32 PDT 2018
If I did not know better I would think you just called two of us
"idiots" ...
Not exactly lack of consistency in the writing of code but rather
evolving methods/classes or simply experimenting with UI/UX - Say jQuery
or NodeJS or Angular JS or pure JS ... bootstrap or good old CSS/CSS3
... I constantly ask "what if" when writing code and enjoy the chase.
I am the kind of developer that will push the envelop and, so I feel,
each time I find a better way than last and shorter code tables and more
interactive UI/UX.
All that said, I am sure that all of these flaws can be accredited to
WordPress, Zend 2, CakePHP etc. In other words, the so called
"frameworks" that are just out of control and some poorly implemented.
No programming/scripting language is without flaws, some more than
others. PHP may rank worst than Perl in many areas but that is the
price it paid for growing so fast and so openly (too many hands in the
pot).
I still love PHP and I know can pickup Perl and write code in Perl with
the same ease I do PHP or filePro, I mean, it is not like Perl is for
Geniuses only. ;-) Is it?
On 04/12/2018 05:31 PM, Fairlight via Filepro-list wrote:
> On Thu, Apr 12, 2018 at 05:07:57PM -0400, Jose Lerebours via Filepro-list thus spoke:
>> lol, simple but probably functional. There are so many login
>> templates out there and yet, I do not think I ever wrote two exactly
>> the same.
> Lack of consistency (when not intentionally adopting a better methodology)
> is problematic. That's one of the fastest ways to oversights which can
> have consequences.
>
>> (c) In lieu of sending stdin as parameters, write to a file and send
>> the file as source for filePro to import
> Usually, yes. However, if you're disk-bound instead of CPU-bound,
> sometimes it actually makes more sense to skip the extra performance hit.
> Sometimes. I wouldn't normally advocate for doing so, but I have seen
> instances where it would be sensible and increase performance on busy
> systems.
>
>> ~/bin/phpLogin [file source] [file out]
>>
>> Writing to a file eliminates your need to worry about escaping and
>> decoding
> It does -not-, however, eliminate your need to sanitise your data in
> general. You may not need to do so immediately for the first SYSTEM call
> out, but if that data is stored in an unsanitised format, then later
> introduced by another programmer (or someone who can't be bothered to do
> something the same way twice and forgets what was done how because they're
> not methodical), then you introduce a security and/or stability problem
> farther down the road.
>
> ... Since file_put_contents() will not open a shell should
>> the user attempt to inject/attack your site.
> Writing to file doesn't protect you in all instances; only the immediate
> one you're bypassing.
>
>> This is exactly why I wrote fp2php.com but gave up on it since no
>> one thought the community needed PHP at all :-(
> There is nothing PHP can do which can't be done in Perl or mod_perl more
> securely (and just as efficiently, in the case of mod_perl), by a better
> class of programmer.
>
> The number of actual serious security flaws in Perl in the last fifteen
> years numbers around three. Two of those revolved around strftime(), for
> some reason.
>
> The number of PHP vulnerabilities is incalculable. Back when SANS @RISK
> used to be more than just a regurgitation of the same seven exploits for
> three months running, surrounded by ads for their 'training', they -used-
> to list all the known PHP exploits, and known exploits for software written
> in PHP. PHP-based holes were through the chart every single week. It used
> to take up 3/4 of the newsletter.
>
> ZEND is to blame for the horrible engine and horrible practises (like
> dropping a -completely- new PCRE library into a third-pointlevel re-patch
> of a security patch they screwed up the FIRST time, a day earlier...because
> they're just -that- good). And the 'programmers' of today are too stupid
> to know any better.
>
> PHP is the AOL of programming languages: Anyone idiot can use it, and too
> many do.
>
> m->
--
Jose D. Lerebours
954-559-7186
https://www.cargosaas.com
http://www.ezbookeep.com
http://www.ezdaemon.com
http://www.fp2php.com
More information about the Filepro-list
mailing list