I am pleased to say that it took me only about 30 minutes to transfer a basic site written in Kohana to the ZendFramework; both frameworks make it easy to switch between each other. For one thing, you can use the ZendFramework Library in Kohana (although I haven’t done it myself, people say it is rather easy).
The thing I like the most about the ZendFramework is their tool which comes as a part of their library download. I have mainly used the tool to create the controllers and actions and so far it has been a time saver and has helped me to see how the framework works in a few keystrokes.
After the first site was a success, the next step will be to convert a site with a simple CMS built in Kohana to the ZendFramework. I have to admit that there were two things that held me back for a while from using the ZendFramework.
I read in different blogs how slow ZendFramework was compared to other frameworks such as Kohana, CI, CakePHP and even the new framework called Yii. The graphic below is one of my many findings:
But it is obvious that as time goes by the framework is getting better, and it seems like it is getting faster as well.
The first time I tried the framework was about a year ago or so. It was brand new, people were still getting their heads around it, and there was very limited content on the subject, so my first attempt to try it was a failure. But months later I came back and wow, what a difference. Not only that, but I stayed away from the full package, downloaded the minimal package, started with just the library, and it was a breeze.
It is nice to have different packages to choose from and that they get better day by day. So far Zend has made it an easy transition and a nice new PHP development start.
So here we are on “The TRUTH about PHP/mySQL security Part deux”. After reading lots of websites/blogs and reviewing nearly 100 OS PHP/mySQL scripts, I have found that everyone has a similar structure.
What we want to look for is the dbconnection.php file. So let's take a look at a simple dbconnection.php file:
$result = @mysql_pconnect($server, $db_user, $db_pass) or die ("Database CONNECT Error (db_fns line 7)");
But now we see there is an include of config.php, so let's take a look into that file:
$domain = "www.yourdomain.com"; // Your domain name (include www. if used BUT NOT http://)
$server = "localhost"; // Your MySQL server address (usually 'localhost')
$db_user = "username"; // Your MySQL database username
$db_pass = "password"; // Your MySQL database password
$database = "database"; // Your MySQL database name
$currency = "UK Pounds"; // The currency that your affiliates will be paid in
$emailinfo = "firstname.lastname@example.org"; // Your email address
$yoursitename = "Your Site Name"; // Your sites name
Is all this information sensitive? Of course it is! Imagine someone getting hold of your $db_user or $db_pass variable: they could easily create scripts that will log into your DB and either edit the information or destroy it. But I’m not going to go into detail about that. What I am after is to learn how secure it is to leave your PHP scripts out in the open, and from what I have learned so far it is pretty safe to do that, but I want to continue to search for what other kinds of security are offered by PHP.
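An added example (not from the scripts reviewed in this post): one way to load the same settings that config.php holds from a file outside the web root and connect with PDO, since mysql_pconnect() was removed in PHP 7. The INI path, its key names (taken from the variables above) and the directory layout are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The INI path, its keys (named after the variables in
// config.php above) and the directory layout are assumptions.

function load_db_config(string $iniPath, string $docRoot): array
{
    $file = realpath($iniPath);
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException('Config file or web root not found');
    }
    // A file inside the web root is served as plain text if the PHP
    // handler is ever disabled or misconfigured, so refuse it there.
    if (strpos($file, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file must live outside the web root');
    }
    // POSIX only: refuse a credentials file that any local user can read.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($file) & 0004) !== 0) {
        throw new RuntimeException('Config file must not be world-readable');
    }
    // RAW mode stops the INI parser from interpreting special characters
    // that may appear in the password.
    $cfg = parse_ini_file($file, false, INI_SCANNER_RAW);
    foreach (['server', 'db_user', 'db_pass', 'database'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("Missing config key: $key");
        }
    }
    return $cfg;
}

function connect_db(array $cfg): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['server'], $cfg['database']);
    try {
        return new PDO($dsn, $cfg['db_user'], $cfg['db_pass'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // Details go to the server log; the visitor sees nothing about the DB.
        error_log('DB connect failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Service temporarily unavailable');
    }
}

// Constructed layout: this script is in the web root, db.ini one level above it.
$pdo = connect_db(load_db_config(__DIR__ . '/../private/db.ini', __DIR__));
```

Unlike the `or die ("... (db_fns line 7)")` message in the reviewed script, the failure path here tells the visitor nothing about file names or line numbers.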
So I finished a small application that I am using only on my computer to avoid any problems on the net in regards to security (name it hackers/crackers/enthusiasts/whichever).
Since there is no easy way to ask a question like “What is the best way to create a secure application?”, I decided to send the question out there and ask what everyone thinks or believes is a secure way to create their applications.
I have been working with PHP/mySQL as a user, not much as a developer, for the past years, but now that I am trying to learn more about the developer side, I have hit a wall once I faced security.
For a while I was certain that putting my SQL connection in a PHP file was OK. This belief was even stronger while using different applications out there that place their connection logarithms inside folders named as simply as connections, and if we want to examine this theory further: if you create a database connection in Dreamweaver, the application itself will create a folder titled Connections and inside that folder it will write the scripts necessary to connect to your database.
With all this in mind, I ran into a basic tutorial that highlighted the importance of having your connections secure, and one recommendation was to place your connection script (or PHP file) under a password-protected directory. This would be overkill IMHO, and not only that, but securing a password with another password?