Foreword

This article aims to introduce PHP developers to the thought process of properly implementing security features. We’ve all been novice PHP developers at one point in our lives and thought that if there is an md5() in it, then it must be secure.

The primary motivation behind this article is to build upon the efforts of the PHP community to make security best practices more visible amongst a sea of old and insecure advice. When I first wrote this out of frustration in June 2017, 9 out of the top 10 results in a Google search for “password recovery php” were insecure implementations. And, 3+ years later, those same results are still there. That’s the advice we, as a community, are giving to all newcomers to the language. …


At Nearpod we make extensive use of Redis. The majority of that use comes in the form of a significantly sized Redis Cluster which we use to manage the millions of virtual classroom sessions that go on throughout the day. We run our Redis Cluster in Elasticache, the AWS managed service for in-memory datastores.

This past back-to-school period, Nearpod has seen unprecedented growth. For what was already a popular EdTech tool, you can only imagine the increase in users we’ve seen as students returned to school — virtually — and the world found itself urgently in need of solutions to bridge the learning divide. Our cloud platform immediately underwent a 10x scale event. …


Coming from a dynamic language background, mostly PHP and Python, I was pleasantly surprised by the way the Rust compiler has your back and figures out most of the runtime issues at compile time. In my role as a cloud architect who supports a large PHP web application, I would love to have that certainty for all our code that gets pushed to production.

There are static code analysis tools that try to cover that gap, and while they do a good job at trying to infer types based on usage, if the codebase you are trying to analyse doesn’t have a lot of type information (either via types in functions/method definitions or PHPDocs) there is only so much they can do. …

About

Nicolas Far

Cloud Architect @ Nearpod
