  1. #1
    Join Date
    Apr 2007
    Thanked 5 Times in 5 Posts

    Things PHP is best for, and things it's not so good at

    Many users here wonder about PHP coding of things that they want to do with PHP, and sometimes PHP scripting is not a good way to go. Although the alternative to PHP, or the 'user side' of the code, is Javascript, if you use J (J as Javascript) in your code, whether to check for a password or for validation, it can sometimes result in a total mess if the user disallows J on your website (that can be done with any browser). The worst thing that user can do is to even check for passwords with J, and if the user turned it off they can access your website easily (OK, that's extreme, but can happen).

    So, what things are best to do with PHP, like authorization, loading from database, checking for variables and stuff that can sometimes be disabled (like vbulletin smiley insertion) with J off.

    How far can you go with server side coding, so that users that have J turned off can still browse your site with ease?!

    PHP is for thinkers, maybe if you know everything before you make one step forward with PHP that can make your life much easier (like inserting smileys in forms), but J is there to make your life easier, and it's a real shame that it can be disabled. Of course that's because it can be used maliciously, but why is J so dangerous?!

    J is executed in the user's RAM, and therefore (even with limitations) can be used, and is used, for malicious attacks (cookie settings, password gathering, and stuff like that)

    Does that problem go so far, so that it means that today's browsers are just not secure enough for J, and SS coding like PHP is the only secure way to go (if you code properly), or that users and even programmers just ignore that major security hole that exists between user side and server side communication.

    Is there a way to stop that madness?! Where do we start from if that's possible: browsers, OS's, or just the plain and hardest thing to do, user education.

    Thanks for any answer, if there will be any.
    (If mods move this topic elsewhere or delete it )

  • #2
    Super Moderator
    Join Date
    May 2002
    Perth Australia
    Thanked 101 Times in 99 Posts
    Ideally you do everything server-side and use Javascript to supplement the user experience where possible. I don't think you should ever use Javascript for authentication.

    So you either assume no javascript or enforce the use of javascript.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)
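
What the reply above recommends, sketched as an added example (not code from either poster): the credential check and input validation run in PHP on the server, so they hold whether or not the browser ran any JavaScript. The user store, field names and length limits are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not from the thread. Constructed user store: in a real
// application the hashes come from a database, created at registration time.
$users = [
    'alice' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

/**
 * Server-side credential check. It runs on every login request, whether or
 * not the browser executed any JavaScript validation first.
 */
function authenticate(array $users, string $username, string $password): bool
{
    // Verify against a dummy hash for unknown users so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $users[$username] ?? $dummy;
    $ok = password_verify($password, $hash);
    return $ok && isset($users[$username]);
}

/** Validate input shape on the server; client-side checks are only a convenience. */
function valid_input(mixed $value, int $max): bool
{
    return is_string($value) && $value !== '' && strlen($value) <= $max;
}

function handle_login(array $users, array $post): string
{
    $u = $post['username'] ?? null;
    $p = $post['password'] ?? null;
    if (!valid_input($u, 64) || !valid_input($p, 1024)) {
        return 'rejected: malformed input';
    }
    if (!authenticate($users, $u, $p)) {
        return 'rejected: bad credentials';
    }
    // In a web request: session_start(); session_regenerate_id(true);
    // $_SESSION['user'] = $u; every protected page then checks $_SESSION['user'].
    return "accepted: $u";
}

// Constructed requests, as they would arrive with JavaScript disabled or bypassed.
echo handle_login($users, ['username' => 'alice', 'password' => 'correct horse battery']), PHP_EOL;
echo handle_login($users, ['username' => 'alice', 'password' => 'guess']), PHP_EOL;
echo handle_login($users, ['username' => ['x'], 'password' => '']), PHP_EOL;
```

Any JavaScript validation on the login form can sit on top of this for quicker feedback; the server decides the outcome regardless.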

