Posts Tagged with "good practices"

Securing a directory with 777 or 775 permissions

Posted by Stanislav Furman on July 6, 2014

If your project has a publicly accessible directory with full permissions (777), it may cause serious security issues. An attacker may put an executable script or binary on your host and then run it remotely. This is a major security hole, and it may lead to major problems if someone decides to attack your website.

However, sometimes on shared web hosting servers you need to have a folder with risky 777 permissions (or, if possible, 775, which is a little bit better). As an example, consider a folder where website users can upload their photos or images. In this case it opens a security hole for potential attackers. But there are a few techniques that can help you keep your website safe.


Responsive website vs. standalone mobile version

Posted by Stanislav Furman on June 16, 2014

We all use mobile devices every day. Well, at least most of us. All those smartphones, tablets, smart watches, etc. Most of us cannot imagine life without these things. Of course, these devices are used a lot to access the Internet. However, not all websites will look the same on different screens. In fact, a lot of websites will look really bad on smaller screens. I'd even say most websites!

In modern web design there is a very common dilemma: whether to create a standalone mobile website or a responsive design. As usual, each option has its pros and cons. In this article I will look at both options and show a comparison.


Important things you must know before registering a domain name

Posted by Stanislav Furman on May 16, 2014

Important things to know before buying a domain name

Most web developers buy domain names from time to time. But not all of them know what goes on behind that process and what unexpected problems may suddenly appear.

There are plenty of domain name registrars, like Go Daddy, Enom, 1and1, etc. Each registrar has its pros and cons. Sometimes a domain owner can face a very sudden problem. Unfortunately, this "problem" could have been known in advance if domain buyers read the Terms and Conditions carefully before they buy domains. Registrars have a lot of little "surprises" buried in the fine print of their "Terms of Service".

I heard a story from one of my colleagues that a registrar requested a $200 fee to unblock my colleague's domain name after it was blocked based on an anonymous request! The registrar didn't even try to contact the domain owner and understand the nature of the problem. They simply said "Pay us money!". It looks like virtual extortion.


Backward version compatibility in a PHP web application

Posted by Stanislav Furman on February 17, 2014
How to handle backward PHP version compatibility in your web application

Loose comparison in PHP. Example of breakable functionality.

Posted by Stanislav Furman on September 12, 2013
Example of breakable functionality using the loose comparison in PHP

Cookieless cookies and user authentication without cookies and JavaScript

Posted by Stanislav Furman on September 9, 2013

How to protect against SQL injection, and why SQL injection is dangerous

Posted by Stanislav Furman on May 14, 2013
What is SQL injection? Why is SQL injection dangerous? How to protect against SQL injection?

How to trim array elements in PHP in one shot

Posted by Stanislav Furman on April 17, 2013
Remove all leading and trailing whitespace from all PHP array values.

MySQL. How to insert a row, or update it if it already exists, in MySQL.

Posted by Stanislav Furman on February 25, 2013
Insert a row into the DB, or update the row on a duplicate key in MySQL.

How to interview a programmer. Thoughts about hiring process.

Posted by Stanislav Furman on August 26, 2012
You might also like to read the related article How to recognize a good programmer.

Just a few thoughts...

I cannot remember how many job interviews I have passed in my professional career. Maybe fifteen, or twenty, or maybe more. Some of them were successful, some of them not. However, I have very rarely met a really good recruitment process. Whether in Eastern Europe or in Canada, I noticed that everywhere.

Sometimes it was just a waste of my time when, for example, the potential employer declared something like: "Actually, we are looking for a specialist with a slightly different skill set" or "Unfortunately, we are limited by our budget and cannot offer you the salary that you are seeking. How about a salary 20% less than you are making now?". Seriously?!! Guys, you were aware of my salary expectations before you asked me to come for the in-person interview!

Keep in mind that for every such interview a candidate has to make time to prepare, leave the current job early (or come in later), and maybe even take a day off. Potential employers are spending their time too! So why should both of them waste time if a short phone call could help to figure out whether it makes sense to meet or not?!
