My Blog

contains PHP and other web related content. (Sometimes there are some off topic things - don't freak out!)

Archive for February, 2009

Rely on Google for your Javascript?

Thursday, February 26th, 2009

After reviewing the Google JavaScript API project, I am torn. Pros and cons below… What do YOU think?

PRO

  • Proper caching is done
  • Shared JavaScript location – no need to re-download if multiple sites use the same library
  • Easy include method, which can be as specific as needed for versioning (you can include major, major.minor, etc.)

CON

  • If Google goes down, you go down. Well, if caching is done right that doesn’t matter. Plus I’m sure you rely on your host not to go down either…
  • If Google ends the service, like they shut down other services, you have to re-architect again.

So, are YOU going to use it?

Disable md5 now – or you will die

Thursday, February 19th, 2009

I remember a while ago hearing about a few theoretical collisions of the md5 algorithm, but I thought nothing of them. Now, as more information emerges, Microsoft is issuing advisories, people are proving more and more collisions with example code, and md5 is even out of Vista, so I figure it’s time to remind everyone not to use md5.

What should I do?

First of all, let’s use sha1 instead: it is an equally easy function to use, but much more secure.

echo sha1('test');

Output:

a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

Next, disable md5 in PHP using disable_functions in your php.ini.

php.ini excerpt

disable_functions = md5

Finally, don’t accidentally use it in your db ;)
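An added example, not part of the original post: a small scanner that flags MD5 use in PHP source, including hash('md5', ...) and md5_file(), which disable_functions = md5 does not disable, and MD5( inside string literals such as SQL. The function name find_md5_usage and the sample source are constructed for illustration.

```php
<?php
// Added example, not from the original post: flag MD5 use in PHP source,
// including paths that "disable_functions = md5" leaves callable.
function find_md5_usage(string $source): array
{
    $direct  = ['md5', 'md5_file'];                // dedicated MD5 functions
    $generic = ['hash', 'hash_file', 'hash_hmac']; // algorithm name is the first argument
    $tokens  = token_get_all($source);
    $count   = count($tokens);
    $hits    = [];
    // Index of the next token after $i that is not whitespace.
    $next = function (int $i) use ($tokens, $count): int {
        do { $i++; } while ($i < $count && is_array($tokens[$i]) && $tokens[$i][0] === T_WHITESPACE);
        return $i;
    };
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) { continue; }
        [$id, $text, $line] = $tok;
        if ($id === T_STRING) {
            $name = strtolower($text);
            $open = $next($i);
            if ($open >= $count || $tokens[$open] !== '(') { continue; }
            if (in_array($name, $direct, true)) {
                $hits[] = [$line, "$name() call"];
            } elseif (in_array($name, $generic, true)) {
                $arg = $next($open);
                if ($arg < $count && is_array($tokens[$arg])
                    && $tokens[$arg][0] === T_CONSTANT_ENCAPSED_STRING
                    && strtolower(trim($tokens[$arg][1], "'\"")) === 'md5') {
                    $hits[] = [$line, "$name('md5', ...) call, not covered by disable_functions = md5"];
                }
            }
        } elseif (($id === T_CONSTANT_ENCAPSED_STRING || $id === T_ENCAPSED_AND_WHITESPACE)
            && preg_match('/\bmd5\s*\(/i', $text)) {
            $hits[] = [$line, 'MD5( inside a string literal, possibly SQL'];
        }
    }
    return $hits;
}
// Constructed sample input, not taken from any real project.
$sample = <<<'PHP'
<?php
$a = md5($password);
$b = hash('md5', $password);
$c = sha1($password);
$q = "UPDATE users SET pw = MD5('" . $pw . "')";
PHP;
foreach (find_md5_usage($sample) as [$line, $what]) { echo "line $line: $what\n"; }
```

Method calls named md5 are also reported, and on PHP 8 a fully qualified \md5() call is tokenized differently and is not matched.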

Password Complexity Class

Thursday, February 12th, 2009

After many times of coding relatively the same thing, it becomes prudent to have a standard library for certain sets of processes. Of course – that is why there are things like frameworks! At any rate, one of the biggest things I run into is password complexity. Each website has its own requirement for the security they want to implement. So, let’s talk about the requirements and then look at the code:
(more…)

Please Use Public Accessors in your Object Oriented Programming

Wednesday, February 4th, 2009

I really hate to see people accessing and designing objects with public attributes. So many times I’ve seen this backfire. Let’s take a few examples and see why this matters:

(more…)

Follow me on twitter: @aaronsaray

The views on this website are my own and do not reflect the opinions of my employer or clients.
Creative Commons License