John talked about ways to successfully create and deploy PHP applications. His talk focused on making PHP applications deployable across multiple platforms, making them fast, making them simple but powerful and testing them. Since I am a beginner in PHP development and am interested in this type of software development, I found it very informative and worthwhile. He mentioned a few software engineering techniques that I recognized from taking CSCI 362. A great technique that he mentioned for creating PHP applications was "Abstract Code Design" with PHP. In terms of Databases, there are many database management systems out there and PHP does support a few of these DBMSs. With that thought in mind, he mentioned that PHP had different functions for accessing as well as querying these DBs and that they all return different values when implemented. Because of these differences in values, he said it is a good idea to create an abstract software level that deals with all of these different return values to make it work for any DB that you use. He applied similar techniques of abstraction for different servers as well.
I had the opportunity to speak with him and he turned out to be a very nice guy. I asked him about his experience with creating the PHP Windows Installer and what sort of troubles he encountered when developing it. He said he had an easy time getting the installer to work with IIS servers but when it came to Apache, he said he had to fiddle with Apache .config files to get it to work right. So, he had a bit of trouble with the Apache server configurations. I also asked him if he had any advice for someone like me getting into PHP development. He said just stick with the points in his presentation and become really involved with a PHP open source project. We of course talked about other things but I did enjoy his conversation and he said I could contact him by email any time I had any questions.
Chris Hinkley had a great presentation on providing security for websites. He spoke about how most hacker attacks happen at the Web application layer and how to prevent attacks at this layer. When implementing security he recommended the following:
- Choose a leading CMS platform
- Stay up to date with core updates
- Decent security plug-ins
- Use a secure hosting provider
- Don't rely on network connection for security
- Have Firewalls
- VPN Access
- SSL Certificates
- Isolated Environment
Some of these things are common sense but they are all good to know. I also spoke with him afterwards to ask him some questions about using SSL certificates in securing websites. I told him I tried implementing on a while back with a form I had on a website and told him that it still kept sending the form data over unencrypted lines. I also told him I purchased one and it was implemented on the site, so I wanted to know if maybe I missed something. He said that I probably didn't include the certificate into the functionality of the form and that could be why it was happening. I then asked if he knew any places online where I could find some guides on how to properly set up SSL . He recommended that I look at NixCraft for Linux and that should give some step by step tutorials. I have not had a chance to look into NixCraft yet but I know I will be checking it out in the near future. He also said I could contact him via his email account as well.
I also saw David Duggins' talk about using different open source software for business start up but it was a lot of stuff I already knew for what open source to use when getting a business started.
The conference was a great experience and I sure took a lot from it. Next year I know I would like to go again.
No comments:
Post a Comment