PHP Security Debate Rekindled

We've seen this hashed out numerous times before, but there is another round of PHP security talks going around the PHP blogs. It was stirred up by Andrew van der Stock with his controversial post regarding the leadership of PHP and the lack of support for newbies and a secure architecture upon which development can be based. Chris Shiflett responded, and Harry Fuecks responded, and Sean Coates made an awesome "driving/coding" analogy in his response. I'm sure there were others blogging about this too, but the long and the short of it is Andrew blogged again about PHP Architecture and the SABSA approach, and Chris blogged again about his work with Zend, and everyone seems to agree that the easiest way to do something should be the safest way. But the best way to make that happen is still up for discussion--the "right" answer will be very important to the future of PHP core development. Who's ready for a group hug?

PHP Conference Watch

Quite a bit of news on the Conference front, so I figured I'd be efficient and pool it all together:

Weekly HTML_AJAX Tips

Joshua Eichorn will be offering up weekly hints and tips on PEAR::HTML_AJAX features via his blog (http://blog.joshuaeichorn.com/). For his first installment, he covers Javascript behaviors-- turning them on, adding rules, and such. If you're an HTML_AJAX user (or even better if you're not) - check it out, and make sure to keep tabs on Joshua's blog.

Zend Core for IBM Now With DB2 Express-C

In a recent press release Zend announced that it is now bundling the free DB2 Express-C data server with its Zend Core for IBM. For more info on this latest release from Zend, go to http://www.zend.com/products/zend_core/zend_core_for_ibm.

eZ Components Creating a Buzz

The gentlemen behind the eZ Publish CMS (http://www.ez.no) are making waves with their release of eZ Components, a set of individual modules that can be used seamlessly as needed. They are designed to be used in enterprise development and take care of things such as "reading archive files (.zip, .tar), caching data, database SQL abstraction layer and schema management, debugging and event logging, image analysis and manipulation, in-process communication, sending fully feature mail message, templating and the safe usage of input data. Besides these main features there are also a few other components dealing with a whole range of subjects." Documentation and training are outstanding, and when coupled with the launch of the eZ Publish Planet (http://planetezpublish.org/), and the upcoming php|architect Webcast (February 17, 1 pm EST) - you have no excuse for not checking it out. Licensed under the new BSD, this free download should certainly grab your attention. Go to http://ez.no/download/ez_components to get yours today, or install through PEAR ($ pear install components.ez.no/eZComponents).

phpMyAdmin 2.8.0 beta1 Released

Now available for download and testing, the latest release of phpMyAdmin offers PHP 5.1 compatibility, web-based setup, better support for CGI and more. To get your copy, go to http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0.

php|architect Pro-PHP Webcast with Andi Gutmans

Several people have blogged about the Pro-PHP podcast last week with Marcus Whitney's interview with Andi Gutmans (Ben Ramsey, and Andi Gutmans himself, to name a few). Just thought I'd offer a quick summary to those who may have missed out. Andi let us know that the reason behind the PHP Collaboration Project is to help the PHP "ecosystem" be continuously competitive. As he stated, "by bringing others in, we enrich PHP." Things like reporting and web services support will enhance PHP's functionality to the developer. Regarding the 3 versions of PHP that seem to be emerging (4, 5 and 6), Andi states that he thinks they will all have their place. Integration with other languages and services is an important part of the Zend Framework development, and it will continue to be a priority. While it seems as if Zend may be scooping up framework talent (such as Davey Shafik) to wipe out competition, Andi is quick to point out that the Zend Framework is not a "one size fits all" solution. There will always be room for others. So when can we finally see this thing? Andi's answer is "February." They will be rolling out a preview version, along with more information and a road map via the Zend Project Framework site. While the framework is not based on Rails per se, Andi thinks it will eliminate the arguments in favor of using Rails with the ActiveRecord pattern. When asked about PHP6, he was hopeful that we might see something by the end of the year. Oh, and we also learned that Andi has 3 nationalities- Swiss, British and Israeli. But you'll have to listen for yourself to hear how that's possible. At any rate, that's the general gist of the podcast, but if you'd like to download it, go to http://podcast.phparch.com/main/index.php/episodes:20060127.

PEAR/PECL Releases

I would be remiss in my duties if I didn't include what's new at PEAR and PECL. Recent PEAR releases include:

And for PECL, we had:

As always, you can download or learn more about these packages at http://pear.php.net and http://pecl.php.net.

See you next week with more tidbits from the PHP world!