Programming

Is PHP Secure?

PHP has to be one of the easiest programming languages to learn for building dynamic web sites. In less than a week of study, you can be adding PHP code to your web sites and saving form data to a database instead of having it e-mailed to you. The only other language that is just as easy to learn is VBScript for ASP programming (I should note that I’m not talking about ASP.NET programming which is a bit more involved!).

The problem with the ease of learning PHP is that it's also easy to write code that is not secure and can be exploited by hackers. This isn't just a challenge for novices; experienced programmers can also inadvertently write dangerous code.

Apart from coding mistakes, bugs are discovered over time in PHP itself. One would think that once they are found, its developers would move quickly to fix them. According to Stefan Esser, this is not the case. Esser runs the PHP Security Blog and also the Hardened-PHP Project Forum.

He made a post to his blog last month which angered many in the PHP community. In it, Esser announced that he had resigned from the PHP Security Response Team, a team that was originally his idea several years ago. The main reason he quit was that the PHP Group constantly blocked his attempts to improve the security of PHP. The Group preferred to blame the developer for any security issues that occur with PHP.

Esser, while still having faith in the potential of PHP, developed Suhosin. You can find it on the Hardened-PHP Project site. Briefly, to plagiarize his site,

Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself.

It's highly recommended that you use Suhosin for any web site that is exposed to the Internet. You probably don't have to worry much if your site is just an intranet. The National Institute of Standards and Technology (NIST) reported that PHP applications were involved in 43% of security problems in 2006. In 2005, PHP accounted for 29% of the security issues. With the growing numbers of users and applications in PHP, I expect the numbers to be even higher in 2007. All the more reason to take a closer look at Suhosin.

Know Your Users

Most software developers dream of writing a program which will bring them riches. The more ambitious ones have already picked out the beachfront luxury home they will eventually own. Unfortunately, many programs that are created do not succeed.

One reason for failure is the way the software is built. Eager programmers want to start writing code as soon as their revolutionary idea occurs to them. While this approach works quite well for writing scripts and other small programs, it falls apart when trying to create large applications.

After it is determined what your software will do, the next thing to decide is who will be using it. The tendency is to assume, for example, that your market is the entire 650 million strong Windows community. Even if 1% of them buy your product, you will be rich enough to retire early.

Unless you're writing an operating system, it's highly unlikely that every computer user in the world will need your software. It's also not a good idea to write software for the general population unless you have Microsoft's marketing budget. To build a successful application, you need to focus on what it will do and who will be using it.

For example, software for controlling inventory will likely be used by managers in a corporate environment, while an adventure game will probably be played mainly by college students. If the marketing for an adventure game targets a middle manager, it will not succeed. Your software needs to solve a specific problem for a group of people confronted by that problem. If you can show someone how their life can be made easier with your application, you’ve made a sale.

Why Do People Write Open Source Software?

Everyone living on their own realizes how important it is to make money. There are all sorts of expenses to deal with, e.g. rent, power, food, clothes, pizza for late-night working, etc. Making money helps finance these things.

Writing software for money makes sense. People write shareware or retail software with the hopes of creating an application that will make them rich.

So why do people write open source software? They don't make any money writing free programs and giving away their source code. What could possibly motivate someone to spend long hours at night cranking out code after working an 8 hour shift in their day job?

Below is a list of reasons why a programmer might write open source software.

  1. They need more excitement in their life. Open source programmers get to meet some very interesting people while being involved in the open source community.
  2. They are trying to get real world experience in writing software. New programmers usually lack the experience and knowledge to get the best jobs. Writing open source shows their potential employers what they can do.
  3. They want to be involved with the latest technologies. If anything, open source software is on the cutting edge of technology and rivals its commercial counterparts. One only needs to look at how Apache dominates the web server market to see this.
  4. Writing software and then providing technical support for end users is challenging. Everyone thinks they are the most important customer and wants their problems solved immediately. With open source, you don't have to support the software you write; someone else will. :) Support issues get handled by communities and forums, and by people who want money before giving answers.
  5. Finally, there are open source programmers who can hear the “ka ching” sound in the distance. Way back in 1995, many programmers left the NCSA web server project to work for Netscape and became quite rich later on. Getting involved in an open source project could lead to a very profitable job in the future.

While this isn't an exhaustive list of reasons why people write open source software, I think it summarizes most of them. There is a great deal of high quality open source applications available. We need to thank all of those programmers out there who take the time to build those applications for us.

VB to C# Translator, and Vice Versa!

Let’s face it. There’s a lot of Visual Basic .NET code out there. I haven’t programmed in Visual Basic since version 6 and I don’t want to take the time to learn VB .NET 2005. It’s not that it’s a bad language but I want to focus on C#.

The owner of a software company once told me that if you learn how to play many musical instruments, you will never master any one of them. If you focus on one musical instrument, you will master it and people will pay to hear you play it. Jack-of-all-trades, master of none. It pays enormously to be specialized.

Programming languages can be thought of in a similar way. If you learn many different languages, you will never master any one of them. If you focus on one language, you will not only master it but you will run circles around others using the same language. While knowing many different programming languages looks impressive on your resume, it doesn’t help you produce great code.

So my focus is on C# but I also use C++ since the two languages are so similar.

Which leads to the next problem. There is lots of Visual Basic code that I would like to use in my own applications, but I don't want to have to learn VB in order to port it to C#. So what do you do?

Fortunately, there are many free VB to C# translators which can also translate the other way from C# to VB. Most of them do the bulk of the translation leaving only some tweaking to get the code right. This is great news for focused programmers! :)

Here are some resources for doing the translations.

  1. Code Translator, C# <--> VB
  2. ASP Alliance C# -> VB
  3. Developer Fusion C# <--> VB

Software Requirements Specifications Template

I found a template for creating requirements specifications for software. The template was made free for use by Karl E. Wiegers. Each section to fill in has a description of what should be written there. It is a .dot template for Microsoft Word.

You can get the template by clicking here.