33 Comments
- euphemizeme, on 10/12/2007, -4/+28Your comment was a bad read. At two words, it could have been something clever, witty, amusing; but, after the first word I was disappointed, and after the second I was downright bored.
- audiowizard, on 10/12/2007, -1/+15Did I miss something? That was the most basic read ever. Here are mine; they're just as handy.
1) Don't let your buddies urinate into the server's CD tray. It's best that you use duct tape to prevent unwanted entry.
2) Don't have sex on the server. Yes, girls are going to want you to sudo bash them on top of your equipment. Ever since the advent of recording studios, women have been hot for that type of action. Your 10 year old Dell is no less fitting to their desires.
3) Do good coding.
4) Make it right. Awesome. That's a good job.
5) Hire a Chinese or Indian to do all your server side scripting.
6) Fire the Chinese or Indian and hire a starving college student.
7) Fire the starving college student and then have sex with her on the server.
8) Hire someone to do all this mess for you.
9) Digg me for being so helpful to your professional burdens.
- firebird84, on 10/12/2007, -5/+13
>> 3. Test your code
OH REALLY?
>> 8. Do what you can as you can never get defensive enough
As opposed to, I dunno, doing what I can't?
What a waste of bandwidth.
- esquilax, on 10/12/2007, -0/+8@jayt684: SQL injection was brought up in point 2.
- CaseyUCF, on 10/12/2007, -0/+6I think you mean test your code and THEN have somebody else test it. You should never not test your own code.
- esquilax, on 10/12/2007, -0/+4This story is specifically about PHP. Some of the problems, like the exception handling one, don't apply to some other languages.
- SilverRocket, on 10/12/2007, -1/+5phpclasses.org is great, his contribution to PHP production has been fantastic... the author of several truly top-notch classes. The article is okay....
- phpclasses, on 10/12/2007, -0/+4Regarding using existing blogs and portal systems, in theory I would agree with you. In practice, after having seen the code used by some (but not all) of those ready to use solutions, it seems to me that some of their authors do not really engage in defensive programming practices. Maybe it is too boring for them.
Some of the applications contained lots of security holes because their programmers did not use some of the recommended practices, like using database abstraction layers that provide prepared queries or data type mapping that perform all the necessary escaping, as recommended in the article.
Some such applications only support MySQL and execute queries by concatenating literal values in the queries without any escaping.
Having many users does not always help, as most of the users will never look at the code, even less perform security audits.
Only recently have PHP security experts, like Stefan Esser and others, worked really hard on finding and fixing many of the security bugs that such applications have. If the original programmers had applied defensive practices systematically, such bugs would probably never have existed. Still, newer versions of some of those applications have new security bugs. It seems that the lack of application of defensive practices goes on.
As for the user annoyances caused by the PHPClasses site newsletters, I think the criticism is valid.
What happens is that there are several newsletters, probably too many. Since they look almost the same, a user that unsubscribes from one kind of newsletter may get upset if he still gets others, as it may seem as if the prior unsubscription request did not work.
I am thinking about how each newsletter can be differentiated, so the users realize that they are getting different newsletters and alert messages.
Anyway, it seems that some users do not like newsletters that are too frequent, like the new classes daily alerts. This newsletter has been disabled for most subscribers now due to the excessive bandwidth consumption problems mentioned in the article.
So, for most users, they will not get much more than the weekly content newsletter, and hopefully the users will not feel annoyed anymore.
- phpclasses, on 10/12/2007, -0/+3As I mentioned in the article, it is indeed an odd solution, but it does the job it was intended to do.
It can deliver newsletters using a separate server from the main site server that triggered the newsletter delivery.
Maybe using a generic message queuing system would be a more elegant solution, but the machine that actually does the newsletter message delivery would still have to connect to the main server to pick up the newsletter delivery tasks that are pending to be processed. That is where POP3 was used.
This system was created in 1999. If it was started today, I would probably use SOAP or XML-RPC to query the main site for newsletter delivery tasks. Such Web service protocols did not exist then.
The POP3 based solution has worked well (despite the troubles) until today. Why change it now? Do not change the team that is winning, or actually the solution that is working. That is one defensive practice that I forgot to mention.
- sirmo, on 10/12/2007, -0/+3I dunno about "never test your own code". I usually catch 95% of my own bugs. It's just more paperwork if the testers have to catch it.
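An added example, not code from the article, the PHPClasses site or any commenter, of the point phpclasses makes a few comments above about database layers that provide prepared queries versus concatenating literal values into the SQL text: the vulnerable lookup beside its parameterized form, run against a constructed in-memory table. It uses Python's sqlite3 module rather than PHP because the mechanism is identical; PHP's PDO prepared statements bind the value the same way, so no escaping code is written by hand in either case.

```python
import sqlite3

# Constructed sample rows for a throwaway in-memory database (not real data).
SAMPLE_USERS = [
    ("alice", "alice@example.com", 1),
    ("bob", "bob@example.com", 0),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_concatenated(conn, name):
    """The pattern the comment criticises: the literal is spliced into the SQL
    text, so whatever the caller passes is parsed as part of the query."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_prepared(conn, name):
    """Prepared query: the value travels as a bound parameter and is never
    parsed as SQL, so quotes in it are just data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(conn, name):
    """Run both lookups on the same input and report what each one did.
    The concatenated version either returns rows or fails with a syntax
    error; the prepared version always returns a (possibly empty) row list."""
    try:
        concatenated = find_user_concatenated(conn, name)
    except sqlite3.OperationalError as exc:
        concatenated = "error: " + str(exc)
    return {"concatenated": concatenated, "prepared": find_user_prepared(conn, name)}


if __name__ == "__main__":
    db = make_db()
    # "x' OR '1'='1" turns the concatenated WHERE clause into a tautology and
    # returns every row; "O'Brien" is a legitimate name that breaks it outright.
    for user_input in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(user_input), compare(db, user_input))
```

The prepared form is also the one that still works when the database driver changes, which is the reason abstraction layers expose it rather than a per-database escaping function.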
- boyter, on 10/12/2007, -2/+5Ideally never test your own code. I can't count the number of times I have said my code is fine then have someone point out a flaw. While unit testing can help with this you really need someone else to have a play with it.
- dicerandom, on 10/12/2007, -0/+3How about this:
Use dev and staging servers. Do your development work on the dev servers, following this guy's advice, then do a mock roll-out of the new codebase to staging. It is extremely important that your staging servers be running the exact same software (Apache/PHP/MySQL/etc. versions) as your production systems. Test the hell out of it, hire legions of grandmothers to click random things.
If all that works, then you can roll out to production.
- firebird84, on 10/12/2007, -0/+2Only PHP5+. Does not apply to PHP4 (which is still widely used).
- pukeAndCry, on 10/12/2007, -0/+2I wrote an article focused on security which is a bit more extensive if you're looking for a more language agnostic secure development guide: http://digg.com/software/10_Guidelines_for_Becoming_a_More_Secure_Coder
- Caps, on 10/12/2007, -0/+2Does anyone else think that his method of POP3 Mailbox based queuing is a little clumsy?
I'm not being an ass, just wanted to know what everyone thought about it..
- parthanant, on 10/12/2007, -0/+2Coding on my upcoming news sites has just finished.
Looks like I will have to go back and check.
- phpclasses, on 10/12/2007, -1/+3Thank you for your comment. I am not a native English writer, so admittedly that phrase did not seem very clear.
What I meant is, no matter how hard you try to be defensive, you will always stumble into unexpected situations that may still cause you major problems. That is why I mention the trouble that I had with over 100 newsletters stuck in the queue. Living and learning from mistakes. Hopefully the newsletter system will not get me into new major problems again.
- phpclasses, on 10/12/2007, -0/+2Good point.
Somehow I mentioned that the tests should be performed in a development environment first.
I should have made explicit that it is advised to have a development environment, if possible a sandbox testing environment, and the production environment.
I always have a separate development environment and a production environment.
In some projects I also have a sandbox testing environment that is more like the production environment, but I understand that not everybody can afford to have all these environments for testing purposes.
- msgyrd, on 10/12/2007, -0/+2Shorter version that applies:
Always double check user inputs for validity.
Always handle all possible outcomes, even the impossible ones.
If it's on the net, output your errors to somewhere away from public viewing.
Always create frequent backups.
Take the extra step to secure user data.
Test your code. When you think it's done, have 3 other people test it.
- antechinus, on 10/12/2007, -1/+3These tips are as useful as dog's diarrhea.
- auxide, on 10/12/2007, -6/+7Shorter List:
1) Test your code
- ElMoselYEE, on 10/12/2007, -0/+1so you're wasting his bandwidth and CPU? unsubscribe...jerk.
- oojamaflip2006, on 10/12/2007, -0/+1I think the best piece of advice in the whole article was to make your code open source.
- strangewill, on 10/12/2007, -0/+1Looks like standard program development to me, nothing special, dug down for acting like this is some method that isn't standard. I was hoping for some major debug overhaul tactics. Not "backup" and "handle unexpected input"
Site is okay, have found semi-useful code, I mostly just get mailed to death about their new classes, and it all goes straight to trash so I never remove myself from their mailing list.
- rspeed, on 10/12/2007, -1/+1Man... that site never gets less ugly.
- SubZ3r0, on 10/12/2007, -2/+1Might I point out that custom designed sites are more likely to have these problems, and people who use others' scripts that are well proven, like blogs and portal systems like postnuke, phpnuke and other open source stuff, are not as likely to face this problem due to large user bases and constant updates. So before you think you're a programmer, take a step back and make sure you know what you're talking about and have actually built your whole site yourself. No offense to phpclasses, but those newsletters are quite annoying; for a while it seemed like I was getting them every day. Maybe your newsletter wasn't broken, it was hacked.
- skinjester, on 10/12/2007, -2/+1@firebird84:
>> As opposed to, I dunno, doing what I can't?
nice one! :)
- CaseyUCF, on 10/12/2007, -2/+1does it make you feel dirty?
- thinsoldier, on 10/12/2007, -1/+0And the award for 'Fugliest site on the internet' goes to....
- DiggFight, on 10/12/2007, -4/+2His two word comment is about as good as these worthless tips. This was obviously dugg by people who only read the headline, not the article.
No digg. Marked as lame.
- jayt684, on 10/12/2007, -10/+4Agreed, though I'm surprised the topic of SQL injection wasn't brought up. A lot of sites have been attacked this way in the past year, including Nokia only a few months ago.
- Respec7, on 10/12/2007, -26/+2good read