Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > BOOK: Professional PHP 5 ISBN: 978-0-7645-7282-1
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Professional PHP 5 ISBN: 978-0-7645-7282-1
This is the forum to discuss the Wrox book Professional PHP5 by Ed Lecky-Thompson, Heow Eide-Goodman, Steven D. Nowicki, Alec Cove; ISBN: 9780764572821
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional PHP 5 ISBN: 978-0-7645-7282-1 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Display Modes
  #1 (permalink)  
Old January 3rd, 2005, 11:36 PM
Registered User
 
Join Date: Dec 2004
Location: , TX, .
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Professional PHP5 Comment

Hi,

I just thought I would give my input on something. The 'GenericObject' class that is given in chapter 7 of 'Profesional PHP5' causes quite a bit of vulnerability in some cases. For example, suppose we have a class 'User' that extends GenericObject, which references the 'user' table in an SQL database. In this particular example, assume that the login system is implemented with a 'username' and a 'password', which is md5 encrypted. With GenericObject, there is no 'obvious' way to ensure that some other employees or contractors using the User class will not change the 'password' field to a NON-MD5 value (unless this is automatically done by the database).

The only solution I can think of is to overwrite the 'save' function to automatically MD5 the password field if necessary. Some code has to be rewritten this way, though.

Anyway, I just solved my own problem, but if you ever print any new versions of your book, you might think about giving a warning somewhere.

On another note, your book was extremely helpful & thought-provoking. One of the better ones that I have read. Thank you :)

-Kevin
  #2 (permalink)  
Old February 20th, 2005, 10:19 PM
Registered User
 
Join Date: Feb 2005
Location: Ottawa, ON, Canada.
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have a question that has been puzzling me for a few hours...††In Chapter 10: Event-Driven Programming, it mentions the Handled interface.††But the Event_Handler abstract class doesn't 'implement' it in the code example in the book.††It includes the file 'interface.Handled.php' but it isn't using it.

Now, it is possible that I am not understanding it correctly, and that the mere existence of the included file does something, but it doesn't seem right.

Other than that, it's a great book!

-Farid
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Possible Errors in Professional PHP5 zimdawg79 Pro PHP 0 July 27th, 2006 07:39 AM
Professional PHP5 p25 Interface Problem mercury7 Beginning PHP 0 January 13th, 2006 03:18 AM
GenericObject class from Professional PHP5 codecowboy Pro PHP 0 December 14th, 2005 06:31 PM
Professional PHP5 Ch. 15 Custom Session Handler superrobotpope Pro PHP 4 February 4th, 2005 08:32 PM
Help me about write a comment. fujinova JSP Basics 0 October 1st, 2003 09:22 PM



All times are GMT -4. The time now is 03:41 AM.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.