Tips To Secure Your Php Web Applications

Security is the first and foremost concern of almost every developer on this planet. As we live in the world of high-technology, this has countless benefits and some people use it in a wrong manner. Thousands of websites in all over the world get hacked on the daily basis, some of the hackers do this for fun, some for money but all are not bad because some help to find vulnerabilities.

Developing a site which is 100% secure is an impossible task for any developer no matter how experienced he is. But security is something which you cannot ignore and writing secure PHP code won’t protect your web applications. There are so many other things to consider while developing PHP web applications and some of the following tips will help you to secure it.

Start Hashing Passwords: If you want to secure your PHP web applications so always try to use hashing password. This is because hashing password is one of the best and simple techniques to store unreadable passwords in the database. Most of the developers don’t have any idea that hashes, passwords stored in the database will be useless for a hacker even if they steal them all. It is a very safe technique which is easy to learn and apply. So the next time you choose a password for your web application so always try to use hashing password.

Escape input before using in an SQL statement: Another important tip, which you should remember for securing your PHP web applications, is that you must escape user input to prevent your application from SQL injections. These injections are an attempt made by the hackers to break your security system and if your application allows SQL vulnerability so your site is in danger.

Don’t trust Java script for input validation: Most of the developer’s use Java script for input validation because it is a good idea which helps to improve the user experience but till an extent. You should never really totally on it because it is easy for the hackers to disable it. So never trust Java script complete for input validation.

Do not store unnecessary data: A big mistake done by almost every developer which creates a big risk for PHP web application is that they store unnecessary data which is easy to hack for the hackers. So always try not to store unnecessary data. This helps to prevent hackers from stealing your information and also helps to reduce the size of the database.

All these tips will definitely help you to secure your website from hackers sitting beside you. One more thing you should consider while developing a website always installs software from trusted providers. This will help to secure your web application from the wrong persons.

The Zend Developer Pulse Survey – Expected Trends In The Technology In 2012

Zend recently conducted a survey of various developers from all over the world to evaluate what they are thinking ahead for the New Year and how this may affect different technologies. The survey includes views of 3335 developers from different countries and provides an insight into the expected career trends and technologies that are likely to get a lot more attention than others. Zend, the company that created PHP, believes that the general mood swing of developers will help in determining the technologies and tools that will be used in this year for fulfilling the never ending demand for apps and software solutions required by organizations and businesses.

The competition for businesses has moved from local to global competitors and the World Wide Web provides a perfect platform where the current war for market leadership is being fought. This requires businesses to effectively connect and engage with their customers, suppliers, employees and other business related personals at any time. The current business competition is being carried out over internet through web tools, cloud technology, mobile apps & platforms and social media. Let us see what the developers think about the coming trends in the technology and their career inclination.

An insight into the survey and its findings:

1.) It seems like mobile application development is going to be the key focus of developers in 2012. Around 66 percent of developers said that they will be targeting mobile apps development projects in the New Year.

2.) 40-50 percent of developers assured that they will be working on projects based on cloud, social media integration, API production and big data/analytics in 2012.

3.) Over 75 percent of developers said they would opt for next-generation User interface development as a possible career ahead.

4.) Out of all the developers surveyed, 67 percent are looking to enhance their mobile application development skills on different platform. Whereas, 46 percent said that they will be enhancing their cloud application development skills.

5.) Seems like cloud technology is going to get a lot of boost from the web and application development industry as 60 percent of developers are determined to use public cloud in their projects. Year 2012 is going to experience some extra clouds this year.

6.) The survey shows that developers will be focusing on dynamic open source languages and using multiple languages for their projects.

7.) PHP, Java, JavaScript and C were the forerunners in the most favorable and likely to be used programming languages section in the survey. Other languages were left far behind them.

8.) Seems like PHP is still the most favorable programming language with more than 67 percent of developers admitting that they spend more than half of their time working on PHP and use it as their core language. However, 33 percent of enterprise developers said that they used both PHP and Java in their projects.

9.) The demand for skilled PHP developers is expected to increase in 2012 as compared to that of last year and more than half of the developers agree with that.

The survey clearly indicates that 2012 will see an increased demand for cloud, mobile and social apps development. Web development companies are going to invest more heavily in PHP development and will definitely enhance their PHP development skills. However, it seems that mobile application development will be the most happening and in-demand technology in 2012.

Do You Legally Own Your Web Site?

You paid good money to have your website designed. But are you sure that you actually own it?

You may be surprised to learn that the firm that did the development work for you may actually be the copyright owner of your web site. If you retained an independent development company or individual to create your site, ownership of your site may be at risk unless you properly contracted with the developer to assign the copyright to you. In short, you may have paid a lot of money to have your site developed, only to find in the end that the developer, and not you, is the copyright owner. If you are in charge of having the web site developed within your company and ownership of the web site later becomes an issue, this may be very difficult to explain to your manager or the board of directors.

Copyright Laws Specify Who Is The Author

The two legal factors involved will be the United States Copyright Act and the contract that you may ot may not have entered with the developer. It is fairly clear under the Copyright Act that the developer would be considered to be the “author” of the web site if the developer was an independent contractor and not a bona fide employee. It is the “author” of the work that has the rights that the copyright act provides.

Works Made For Hire

For a website developed in house by an employee, the company would be considered the owner of the copyright. This is because works created by employees are considered to be “works for hire.” With a “work for hire,” the employer has the right to copyright the work and to assert all of the rights of a copyright owner.

There are cases where an independent contractor can be considered to have made a “work for hire” that vests rights in the company that contracted for the work, but the conditions for this would be very difficult to meet in the case of a web site developed by an outside firm or individual. There are 3 requirements in order for a work created by an independent contractor to be considered a “work for hire.”

The first requirement is that the work be specially ordered or commissioned by you. In most cases, this test will be met if you have contracted the web developer to create your web site from scratch and not based upon a site that the developer has previously created.

The second test is more difficult to meet. The work has to fit within one of the narrow statutory categories which will rarely apply in the case of outsourced web development work. The third requirement is a written agreement that includes a clear agreement between the parties that the work would be considered to be a work made for hire. This requires very specific wording.

Reliance On Work for Hire Status Is Not Enough

One common mistake is to assume that simply placing “work for hire” language in the contract will preserve the copyright in the party contracting for the work. This language alone is not enough. All three requirements must be met and in the usual web development relationship these conditions do not exist. So many people believe that they have the copyright to their work because they used a “work for hire” clause in their contract only to find out later that this clause does not protect their copyright.

Uncertain Ownership Can Devastate Your Business

It is no surprise that this issue of copyright ownership can have devastating impacts on your business. Without properly addressing the issue, the developer and not you would not have the right to file for copyright protection. These rights include the right to control derivative works (modifications) and the right to control publication of the work (posting on the Internet) among other rights.

Practical Solutions To Uncertain Ownership

These potential problems are best solved at the time you enter the contract with the web developer. Most developer provided contracts will be relatively silent on these issues. Silence actually benefits the developer who would usually then be the author of the work under Copyright Laws. This does not benefit the client though.

So what should the client do about this potential problem? Ideally, the original agreement with the developer should require that the developer assign all copyrights in the work to you. The contract should contain language making this assignment and it is also a good idea to require in the contract that the developer provide you with a stand-alone assignment of copyright in a form that is satisfactory to you.

From the developer’s standpoint, web developers often use templates of work that they have done for other clients when taking on new project. You can always satisfy the developer’s concerns by licensing back to the developer certain portions of the work that would permit the developer to use the basic structure of your project as a template for a subsequent project. In doing this, you may be able to negotiate on the pricing aspects of the project and it could work to your benefit. Just be careful not to give too much back to the developer so that the developer can just change the logo and some colors and use your unique layout for another client. You might also consider prohibiting the developer from using your template in connection with a business that competes or otherwise is in a position to take business away from you.

The last alternative that can be used is to have the development company retain the copyright and license the use of the content to the client. This is clearly not the preferred course for the client, but is a method often proposed as a compromise by the developer.

Regardless of the method that you use, be certain that when you pay for development work that you are contractually given the right to use, and preferable exclusively control the content that you have developed.