Re: A Review Request


 



At 9:20 PM +0300 5/20/11, Andre Polykanine wrote:
Hello tedd,

Oh, I liked what you've said about a website like a house. May I
translate this into Russian and quote you in my blog? I'll place the
copyright :-).

Sure -- a link back would be fine.

I plan on placing that analogy on my web site sometime soon. I have given it considerable thought -- and that's difficult for me. :-)

Cheers,

tedd

-----
Actually, what I would like to learn is how to break things. No, I'm
not gonna be a hacker (I don't want to go to jail!), but as a web
developer, I would like to know how a really bad guy can break my
sites and prevent him from doing this :-).
Thanks!

--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

------------ Original message ------------
From: tedd <tedd.sperling@xxxxxxxxx>
To: PHP General
Date created: , 9:12:06 PM
Subject: A Review Request


At 11:11 AM -0400 5/20/11, Alex Nikitin wrote:
Also to tedd, I would say that you should make it a series of
tutorials of how to make simple user auth progressively more and
more secure, I would say that would be a good learning experience
for someone. Start with your basic code, introduce new concepts that
will teach a novice a little bit more about how the internet works,
how sessions work, how it can all be exploited conceptually, and
introduce ways to fix those issues with progressively more hardened
code...? I think that that would be a great way of learning for a
novice, I would say maybe 3 more tutorials, each progressively more
secure; suggesting next one to introduce hashing, cleaning the code,
and some of the initial concepts outlined above, then a system setup
for HTTPS, going over TLS renegotiation, setting up rewriting rules,
etc, and changing the code with securing the session code and
introducing login limits, and finally perhaps how to make all
of this system a bit more web 2.0 with jQuery, Ajax, and perhaps use
that as the introduction of the next set of tuts of how to do this
same thing with a database back end with references back to this
auth system? I would have certainly liked to read a tutorial like
that when I was starting out... And, I'm up to help, I'm sure others
as well would not mind chiming in their $.02 :)

Well... that's where I intend to go, namely, start with the basics
and continue with progressive disclosure.

However, there is a lot to address here.

As I often explain to my students, a web site is like a house:

1. There's the foundation, flooring, walls, and roof, which is the
structure -- that's HTML;

2. There's the outside covering (paint, bricks, siding) and the
inside covering (paint, carpet, wallpaper), which makes the
presentation -- that's CSS;

3. There's the inside works, such as the plumbing, furnace, air
conditioning, and electrical, which provides functionality -- that's
PHP;

4. And there's the light-switches that turn on/off, doors and windows
that open/close, rheostats that go up/down, faucets that turn on/off,
and door bells that remain silent or ring, which allows behavior --
that's JavaScript.

You put all of these items together and the entire house can do more
than any one of them can do by themselves, namely make a home.

Additionally, how you arrange and combine these things together and
have them interact with each other is a topic of study that far
exceeds the knowledge of any one of them.

Furthermore, if you include these things with how people react with
web sites (what makes people do things) then you'll have an excellent
introduction into problems in creating a good web site -- and that's
my ultimate goal.

However, my first step is to put various things up for peer review
and listen/adapt to the feedback. That's what I'm doing.

Cheers,

tedd

--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




