Don't target PHP 5.2 or 5.3 for new projects
CodeIgniter 3.0 will support PHP 5.2. Anthony Ferrara wrote an interesting article on his blog why that's a very bad thing.
http://blog.ircmaxell.com/2014/12/on-php-version-requirements.html
Marking http as non secure
Ultimately, we can even imagine a long term in which secure origins are so widely deployed that we can leave them unmarked (as HTTP is today), and mark only the rare non-secure origins.https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
I'm all for it.
Join 9,500+ smart developers
Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.
No spam. Unsubscribe anytime. You can also follow me on X.
"Freek’s newsletter is one of the best ways to stay updated with the Laravel and PHP ecosystem. It consistently highlights useful packages, tools, and ideas from the community, especially the amazing work coming from Spatie. As a Laravel developer building SaaS and web platforms, I find it extremely helpful to discover practical tools and insights that improve my development workflow."
Scan your HTTPS-enabled website for mixed content
With my recent move to HTTPS I wasn’t sure if there were any pages left on my site that had Mixed Content or not. To check this I wrote a little PHP CLI app to scan an HTTPS website for Mixed Content. The script starts crawling at a given URL, and processes the page.https://www.bram.us/2014/12/10/mixed-content-scan-scan-your-https-enabled-website-for-mixed-content/
Nice!
The No CAPTCHA reCAPTCHA
Google introduced a new method that verifies you are human without you having to solve a riddle.
On websites using this new API, a significant number of users will be able to securely and easily verify they’re human without actually having to solve a CAPTCHA. Instead, with just a single click, they’ll confirm they are not a robot.
It looks like this:
http://googleonlinesecurity.blogspot.nl/2014/12/are-you-robot-introducing-no-captcha.html
Add Two-Factor authentication to your Laravel application
Authy makes it easy to integrate two-factor authentication into your existing Laravel application. It's user-end implementation is versitile, offering support for both smart-phones and standard phones. Furthermore, implmentation with its API is easy and seamless. Finally, its analytics and data tracking can you provide insights into your users and how they interact with your application's authentication system.http://blog.enge.me/post/installing-two-factor-authentication-with-authyThis tutorial assumes that you have an Authy developer account (which can be created here ), an application (either testing or production), and your application's API key.
HTTPS Everywhere
When creating a new website you should always use HTTPS. Here's a video recorded at Google I/O earlier this year on the why and how.
The New York Times switched to HTTPS last month. Here are their reasons for doing so:
“Invalid Username or Password”: a useless security measure
99.9% of websites on the Internet will only let you create one account for each email address. So if you want to see if an email address has an account, try signing up for a new account with the same email address.https://kev.inburke.com/kevin/invalid-username-or-password-useless/
