Hello tedd,

Oh,  I  liked  what  you've  said  about a website like a house. May I
translate  this  into Russian and quote you in my blog? I'll place the
copyright :-).
Actually,  what  I  would  like to learn is how to break things. No, I
don't  gonna be a hacker (I don't want to go to a jail!), but as a web
developer,  I  would  like  to  know how a really bad guy can break my
sites and prevent him to do this :-).

With best regards from Ukraine,
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

------------ Original message ------------
From: tedd <tedd.sperl...@gmail.com>
To: PHP General
Date created: , 9:12:06 PM
Subject: [PHP] A Review Request

      At 11:11 AM -0400 5/20/11, Alex Nikitin wrote:
>Also to tedd, i would say that you should make it a series of 
>tutorials of how to make simple user auth progressively more and 
>more secure, i would say that would be a good learning experience 
>for someone. Start with your basic code, introduce new concepts that 
>will teach novice a little bit more about how the internet works, 
>how sessions work, how it can all be exploited conceptually, and 
>introduce ways to fix those issues with progressively more hardened 
>code...? I think that that would be a great way of learning for a 
>novice, i would say maybe 3 more tutorials, each progressively more 
>secure; suggesting next one to introduce hashing, cleaning the code, 
>and some of the initial concepts outlined above, then a system setup 
>for https, going over tls renegotiation, setting up rewriting rules, 
>etc, and changing the code with securing the session code and 
>introducing login limits, and finally perhaps how to take make all 
>of this system a bit more web 2.0 with jquery, ajax, and perhaps use 
>that as the introduction of the next set of tuts of how to do this 
>same thing with a database back end with references back to this 
>auth system? I would have certainly liked to read a tutorial like 
>that when i was starting out... And, i'm up to help, i'm sure others 
>as well would not mind chiming in their $.02 :)

Well... that's where I intend to go, namely, start with the basics 
and continue with progressive disclosure.

However, there is lot to address here.

As I often explain to my students, a web site is like a house:

1. There's the foundation, flooring, walls, and roof, which is the 
structure -- that's HTML;

2. There's the outside covering (paint, bricks, siding) and the 
inside covering (paint, carpet, wallpaper), which makes the 
presentation -- that's CSS;

3. There's the inside works, such as the plumbing, furnace, air 
conditioning, and electrical, which provides functionality -- that's 

4. And there's the light-switches that turn on/off, doors and windows 
that open/close, rheostats that go up/down, faucets that turn on/off, 
and door bells that remain silent or ring, which allows behavior -- 
that's JavaScript.

You put all of these items together and the entire house can do more 
than any one of them can do by themselves, namely make a home.

Additionally, how you arrange and combine these things together and 
have them interact with each other is a topic of study that far 
exceeds the knowledge of any one of them.

Furthermore, if you include these things with  how people react with 
web sites (what makes people do things) then you'll have an excellent 
introduction into problems in creating a good web site -- and that's 
my ultimate goal.

However, my first step is to put various things up for peer review 
and listen/adapt to the feedback. That's what I'm doing.




PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to