Hello tedd, Oh, I liked what you've said about a website like a house. May I translate this into Russian and quote you in my blog? I'll place the copyright :-). Actually, what I would like to learn is how to break things. No, I don't gonna be a hacker (I don't want to go to a jail!), but as a web developer, I would like to know how a really bad guy can break my sites and prevent him to do this :-). Thanks! -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion ------------ Original message ------------ From: tedd <tedd.sperling@xxxxxxxxx> To: PHP General Date created: , 9:12:06 PM Subject: A Review Request At 11:11 AM -0400 5/20/11, Alex Nikitin wrote: >Also to tedd, i would say that you should make it a series of >tutorials of how to make simple user auth progressively more and >more secure, i would say that would be a good learning experience >for someone. Start with your basic code, introduce new concepts that >will teach novice a little bit more about how the internet works, >how sessions work, how it can all be exploited conceptually, and >introduce ways to fix those issues with progressively more hardened >code...? I think that that would be a great way of learning for a >novice, i would say maybe 3 more tutorials, each progressively more >secure; suggesting next one to introduce hashing, cleaning the code, >and some of the initial concepts outlined above, then a system setup >for https, going over tls renegotiation, setting up rewriting rules, >etc, and changing the code with securing the session code and >introducing login limits, and finally perhaps how to take make all >of this system a bit more web 2.0 with jquery, ajax, and perhaps use >that as the introduction of the next set of tuts of how to do this >same thing with a database back end with references back to this >auth system? I would have certainly liked to read a tutorial like >that when i was starting out... And, i'm up to help, i'm sure others >as well would not mind chiming in their $.02 :) Well... that's where I intend to go, namely, start with the basics and continue with progressive disclosure. However, there is lot to address here. As I often explain to my students, a web site is like a house: 1. There's the foundation, flooring, walls, and roof, which is the structure -- that's HTML; 2. There's the outside covering (paint, bricks, siding) and the inside covering (paint, carpet, wallpaper), which makes the presentation -- that's CSS; 3. There's the inside works, such as the plumbing, furnace, air conditioning, and electrical, which provides functionality -- that's PHP; 4. And there's the light-switches that turn on/off, doors and windows that open/close, rheostats that go up/down, faucets that turn on/off, and door bells that remain silent or ring, which allows behavior -- that's JavaScript. You put all of these items together and the entire house can do more than any one of them can do by themselves, namely make a home. Additionally, how you arrange and combine these things together and have them interact with each other is a topic of study that far exceeds the knowledge of any one of them. Furthermore, if you include these things with how people react with web sites (what makes people do things) then you'll have an excellent introduction into problems in creating a good web site -- and that's my ultimate goal. However, my first step is to put various things up for peer review and listen/adapt to the feedback. That's what I'm doing. Cheers, tedd -- ------- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php