|
|
Posted by Josse Barrera on 12/30/05 12:36
Hi All,
I have just recently (~ 3wks) playing around with PHP. I come from an
OOP background (mostly C++) so I have taken to PHP5 like a duck to
water. However, I have a number of nagging questions that I have not yet
manage to resolve (all the websites I have visited seem to assume I
already know the answers - or could it be that PHP is so loosely held
together that it lets one get away without a proper architecture for an
application (is "application" the correct term for a bunch of PHP
scripts running server side or is there another term?)
Question 1:
===========
Is there any such thing as a PHP application (or are PHP solutions just
a bunch of "loosely coupled" scripts thrown together)?
Question 2:
=============
Assuming there IS such a thing as a PHP application, how does one go
about putting one together?. In the C++ world, there is the concept of
libraries, in Java there are packages, In .Net there are assemblies.
i). How do PHP solutions logically partition functionality?.
Writing extensions in C seems to be one way to go, but apart from that
being overkill, I my ISP may not even allow me to load my extension.
There must be a simpler way to partition logic surely ?.
Question 3:
==============
I have seen a few examples that seem to partition functionality by
splitting objects into various files (a bit like the use of header files
in C/C++), along with a liberal showering of calls to include() in the
code - however, unlike header files, the files "included" contain not
just the class definitions etc, but also (more critically), the
implementation (i.e. any business logic that may show how your system
may be compromised).
i). Is it possible to have your "header" files (i.e. class
implementation source code) stored in a directory location that is
hidden in some way - the main goal is to thwart any hacker who may
simply look at your include() method calls, casually navigate to the
appropriate directories and peruse your source code at his/her leisure.
ii). There are potential issues about using include().
a). I remember reading somewhere that you have a performance hit (I/O
bottleneck) every time you call include
b). There are potential security issues - You can't use include() if you
use a function called something like basedir() (or something - sorry, I
don't remember the function name). But this function allows one to
restrict users from accessing files above the parent of a specified
directory. Any (informed) feedback on this will be much appreciated.
I would be very pleased to get informed feedback on this last question
(Q3) in particular because the thought of having code that shows a
hacker how authentication or licensing (for example) is implemented at
the server side does not bear thinking about. I look forward to hearing
from the PHP5 gurus in this ng.
Many Thanks
Navigation:
[Reply to this message]
|