As web developers we are used to people mostly using the websites we build in the way intended.
It can be hard to get into the mindset not just of what can go wrong but how what we have built can be subverted.
There are a lot of tools available to those who want to attack our websites - and I think it is worth web developers having some familiarity with these.
The tools themselves are legal - but should only be used where you have permission.

The web is not secure enough. Every day we hear stories of sites being hacked, businesses and lives ruined.
As an industry we have to do better.
First we need to study common issues, security standards and processes.
It also helps to try a little ethical hacking to see things from the other side.

Most of what you read about securing PHP is how to write secure code - and that is really important.
In addition it helps to set up PHP on the server for best security.
There is plenty we can do to harden the setup without hurting the functionality we need.
The more layers we have in our security setup the better.

I’m starting a new PHP project and I wanted a clean Docker image to work from.
I inherited one on my last project and wanted to improve image size, security and production alignment.

It’s amazing being able to get free TLS certificates instantly from Let’s Encrypt.
But they don’t provide certificates for localhost.
You can generate, and trust, your own certificates, and I’ve written up how to do that, but honestly it’s not a trivial process.
Here is how to use Let’s Encrypt for local dev.

Laravel’s database migrations are a great system and make it easy for the development team to stay in sync with schema changes as well as ensuring tests can run against a defined database state.
They also make great use of transactions to efficiently roll back changes after each test.
But what if you have some large tables of fairly static data that you don’t want to reload on every test run …

I have been working with some of the data from The Office of National Statistics and Ordnance Survey.
If you want some lookup tables to find out how wards, districts/divisions, counties and so on all relate, take a look here:
https://github.com/seanburlington/uk_geodata

Something didn’t quite click with me about Laravel Eloquent Models.
There is nothing in the Model that defines the fields.
The Model defines which database table the data is stored in.
Whatever fields are in the table will be loaded to the Model.

I wanted to better understand what is happening when I run Laravel tests that hit the database.
TLDR: Database migrations are run on every test run, optionally with seed data.
Each test case runs in a transaction.
(This is written based on Laravel 9)

I have been blogging since about 2005 and been through several different platforms in the process.
Using a Static Site Generator with content in Markdown is awesome for low maintenance and content portability.
If I move platform it shouldn’t be hard to migrate the content and to that end I want to keep my posts fairly pure Markdown - but it can be a bit limited.
How do I add some classes to change how it looks?