Posted June 26, 2008
Perhaps 'Aliro' should have been in the title? It is the name of a CMS written by the author in PHP5. The entire book can be considered as a case study in how and why to use PHP5 for writing web applications, as opposed to perhaps using PHP4 or another server-side scripting language. The book delves into detailed aspects of Aliro and how it can be customised by you for your particular CMS needs.

En route, Brampton also offers good, general advice about programming, not necessarily even restricted to PHP5. Consider patterns as one example. This is now a dominant paradigm amongst many programmers. He does not argue against patterns or their merit, but cautions that an overdependence might ironically constrain your thinking and subsequent design in ways that avoid finding an optimal solution. I don't recall any recently published book that I have read which even goes so far as to circumspectly say this caveat about them.

Another item of good advice is to warn you against letting your PHP code run dynamically generated code (using 'eval'). Dynamic code has a nice conceptual allure and is indeed powerful. But especially when such code might include user-supplied input, and where, remember, the code is being run server-side, then there are huge security problems. Don't even think about using dynamic code. Also, we see that Aliro uses Role Based Access Control, mostly by partitioning off some key tasks into those only done by an administrator. Brampton claims (rightly I believe) that this enhances the security, given the realities of a CMS having multiple users of varying capabilities and intentions remotely accessing it.