Doesn't help if you click somewhere by accident and delete an email without noticing.
You can always shoot yourself in the foot even with a service layer. But in a service layer you need to get it right once. And therefore if you don't, you have to fix it just once. And coupling your business logic with…
If it's "not a hard problem" - and I agree it isn't, and it's solved by Clojure's SQL libraries, why should the web framework deal with it in any way? And moving the problem actually helps, when the original place was…
Well you see, when I refer to "powerful" I mean custom, scalable, service based architecture best fitting the app at hand. PHP can do that. I can even write some of the services in other languages, and it'll work just…
It's simple. Let's see what the spectrum of PHP solutions is. It goes from: - WordPress: very simple, you don't need to be a coder, not that powerful. And goes until: - PHP + libraries: complicated, you need to be a…
Yes scores can't possibly be universal. But admit it. It just irks you to see a pop singer might be more popular than the president.
> "But in our universe, people saw the algorithm as hackneyed, particularly when Justin Bieber had a higher Klout score than the US president." Maybe Klout was wrong with this particular arrangement, or maybe your…
> "it'll still confuse the FUCK out of java, c#, c++ and flash developers, because they are still SEMANTICALLY weird and confusing to people used to classical inheritence... So I'm happy about that. As long as Java…
> "That won't necessarily stop $developer making a little PHP interface long after you leave, which exposes your DB again." Let me ask, does this hypothetical company have someone in charge of architecture, or everyone…
Your logic is a bit weird. Sendgrid just experienced this major embarrassment and are currently re-training their staff to avoid it again at all costs. And you're going to move away from them now?
That's probably the one part that really didn't make sense. But maybe he did it for sport.
> "and it looks inspired by PHP." You're getting the order wrong here. - It was inspired by Java. - PHP OOP was also inspired by Java. It's hard to argue that Java's OOP model is bad. It encourages clear code structure…
And a bunch of people coming out of their caves to tell us how JavaScript's quickly cobbled up hacky prototype system is a design by God himself, and everything else is the Devil trying to trick us into his Java ways...…
You may have heard about spreadsheets or relational databases...
> In hindsight it's too bad we don't have similar characters that follow a more sexpr-ish layout - say, ListStart, ListEnd, and Delimiter. Then you could tree them endlessly. Well, we do. Since basically no one else…
Of course, and in software development we call these instruments, interfaces and well designed automated tools libraries. A framework in aerospace would be more akin to a pre-built airplane with a bunch of holes where…
It is always possible. Name one case where it isn't, and I'll tell you how it's possible :) Web frameworks should handle input (routing, request fields, url query) and output (templates). That's it.
That private API is called a service layer, and without it, your code devolves into copy/paste spaghetti. We live in an age when having a complementary iOS/Android app for your site is not the exception anymore. Without…
Once again there's no way to make a mistake with a prepared statement. The only way to do it is using poor practices like using half baked "sanitizing" functions which no competent developer will use. And once again,…
Well first of all your "common scenario" terrifies me, and betrays an app developed by incompetent devs who wouldn't even know what a "hash" is, because in any sane situation: 1) The SQL database is not public (any more…
Nothing is secure by default, even Django and Rails. You can always shoot yourself in the foot, if you don't know the basics about security. This is why the solution isn't relying on your framework, but on your…
SQL injection is not a problem of web frameworks, because SQL should never be a part of the web layer of an application in the first place.
The problem of lookup table attacks is solved by the public salt I already mentioned. HMAC protects against attacks like length extension (google it), which aren't applicable for discovering a password from a hash.…
> "This is a standard developer response - I recall when Sinatra was a fresh kid on the block, and the same arguments people used against Rails" And the more time passes, the more problems with Rails are being…
Many things said in that video are kinda off. He mixes password hashes and MAC (message authentication codes), saying we should HMAC our password hashes. There's little to gain from that: - Password hashes exist to hide…
Doesn't help if you click somewhere by accident and delete an email without noticing.
You can always shoot yourself in the foot even with a service layer. But in a service layer you need to get it right once. And therefore if you don't, you have to fix it just once. And coupling your business logic with…
If it's "not a hard problem" - and I agree it isn't, and it's solved by Clojure's SQL libraries, why should the web framework deal with it in any way? And moving the problem actually helps, when the original place was…
Well you see, when I refer to "powerful" I mean custom, scalable, service based architecture best fitting the app at hand. PHP can do that. I can even write some of the services in other languages, and it'll work just…
It's simple. Let's see what the spectrum of PHP solutions is. It goes from: - WordPress: very simple, you don't need to be a coder, not that powerful. And goes until: - PHP + libraries: complicated, you need to be a…
Yes scores can't possibly be universal. But admit it. It just irks you to see a pop singer might be more popular than the president.
> "But in our universe, people saw the algorithm as hackneyed, particularly when Justin Bieber had a higher Klout score than the US president." Maybe Klout was wrong with this particular arrangement, or maybe your…
> "it'll still confuse the FUCK out of java, c#, c++ and flash developers, because they are still SEMANTICALLY weird and confusing to people used to classical inheritence... So I'm happy about that. As long as Java…
> "That won't necessarily stop $developer making a little PHP interface long after you leave, which exposes your DB again." Let me ask, does this hypothetical company have someone in charge of architecture, or everyone…
Your logic is a bit weird. Sendgrid just experienced this major embarrassment and are currently re-training their staff to avoid it again at all costs. And you're going to move away from them now?
That's probably the one part that really didn't make sense. But maybe he did it for sport.
> "and it looks inspired by PHP." You're getting the order wrong here. - It was inspired by Java. - PHP OOP was also inspired by Java. It's hard to argue that Java's OOP model is bad. It encourages clear code structure…
And a bunch of people coming out of their caves to tell us how JavaScript's quickly cobbled up hacky prototype system is a design by God himself, and everything else is the Devil trying to trick us into his Java ways...…
You may have heard about spreadsheets or relational databases...
> In hindsight it's too bad we don't have similar characters that follow a more sexpr-ish layout - say, ListStart, ListEnd, and Delimiter. Then you could tree them endlessly. Well, we do. Since basically no one else…
Of course, and in software development we call these instruments, interfaces and well designed automated tools libraries. A framework in aerospace would be more akin to a pre-built airplane with a bunch of holes where…
It is always possible. Name one case where it isn't, and I'll tell you how it's possible :) Web frameworks should handle input (routing, request fields, url query) and output (templates). That's it.
That private API is called a service layer, and without it, your code devolves into copy/paste spaghetti. We live in an age when having a complementary iOS/Android app for your site is not the exception anymore. Without…
Once again there's no way to make a mistake with a prepared statement. The only way to do it is using poor practices like using half baked "sanitizing" functions which no competent developer will use. And once again,…
Well first of all your "common scenario" terrifies me, and betrays an app developed by incompetent devs who wouldn't even know what a "hash" is, because in any sane situation: 1) The SQL database is not public (any more…
Nothing is secure by default, even Django and Rails. You can always shoot yourself in the foot, if you don't know the basics about security. This is why the solution isn't relying on your framework, but on your…
SQL injection is not a problem of web frameworks, because SQL should never be a part of the web layer of an application in the first place.
The problem of lookup table attacks is solved by the public salt I already mentioned. HMAC protects against attacks like length extension (google it), which aren't applicable for discovering a password from a hash.…
> "This is a standard developer response - I recall when Sinatra was a fresh kid on the block, and the same arguments people used against Rails" And the more time passes, the more problems with Rails are being…
Many things said in that video are kinda off. He mixes password hashes and MAC (message authentication codes), saying we should HMAC our password hashes. There's little to gain from that: - Password hashes exist to hide…