PHP

Five More PHP Design Patterns

/*
A follow-up to the previous Five Common PHP Design Patterns on IBM's DeveloperWorks.

This one covers the Adaptor, Iterator, Decorator, Delegate, and State patterns.

Both articles are definitely worth a read!
*/

Five Common PHP Design Patterns

/*
Yet another IBM DeveloperWorks article. This is a good read, for any programmer, especially a PHP programmer.

This article covers the following design methods:
Factory
Singleton
Observer
Chain-of-Command
Strategy pattern

I thought I'd already linked to this article ages ago. It's been in my bookmarks for ages; along with the next article.
*/

PHP Security Consortium :: PHP Security Guide

"If you do not design your application with security in mind, you are doomed to be constantly addressing new security vulnerabilities. Careful programming cannot make up for a poor design."
-- PHP Security Guide, Chapter 1, Section 1.1

/*
This guide certainly gets to the point. The PDF is only 37 pages long, so it's a fairly short read. There's coverage on global variables, data filtering, error reporting, form processing, XSS, CSRF, SQL injection, session hijacking, and file-system concerns. Sample code is used several times as well.
*/

Tuning LAMP Systems, Part 2: Optimizing Apache and PHP

/*
Another great IBM DeveloperWorks! article. It also links to the first article, which appears to be a 3-part series.

The article seems to require Apache 2.x. Most of my installs tend to be 1.3.x with PHP 5.x, mod_security, and sometimes mod_perl. YMMV.
*/

Suhosin - Hardened PHP

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

/*
This looks like a pretty nice way of securing PHP-based app servers. The FAQ details some things that might just surprise you if you think your PHP installation is secure.

This comes following the Month of PHP Bugs.
*/