News
Best Programming Language for Backend Web Development: PHP vs Python
46+ min ago (1002+ words) Something I get asked constantly by developers picking up their second or third language: PHP or Python for the backend? My answer used to be more confident than it should have been. I had a preference, I leaned on it,…
Stop Using UUIDs: Why B2B SaaS Needs ULIDs in Laravel
1+ hour, 48+ min ago (704+ words) The Problem with Auto-Incrementing IDs: When building a B2B SaaS platform at Smart Tech Devs, using standard auto-incrementing integers (1, 2, 3) for your primary keys is an enormous security liability. If a user sees /invoices/405 in their URL, they immediately know…
Why PHP continues to be a popular but divisive programming language
2+ week, 2+ day ago (694+ words) This article was published on February 27, 2024. The good, the bad, and how the future looks for PHP users and developers. One thing you can say for PHP is that it's persistent. Like many long-standing programming languages, it's often maligned by…
Active Exploitation Alert: Laravel Lang PHP Packages Compromised in Supply Chain Attack to Deploy Credential-Stealing Malware - Rescana
16+ hour, 46+ min ago (735+ words) A critical supply chain attack has compromised…
Multi-tenant PostgreSQL: row-level security vs schema-per-tenant & when to use which
19+ hour, 35+ min ago (214+ words) If you're building a multi-tenant SaaS, this is the first real architecture decision that will haunt you if you get it wrong. I've implemented both approaches in production. Here's the honest trade-off. Option A: Shared schema with row-level security (RLS)…
Laravel Lang packages hijacked to deploy credential-stealing malware
1+ day, 9+ hour ago (716+ words) GitHub confirms breach of 3,800 repos via malicious VSCode extension Hackers bypass SonicWall VPN MFA due to incomplete patching Flipper One project needs community help to build open Linux platform Ghost CMS SQL injection flaw exploited in large-scale Click…
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets
2+ day, 4+ hour ago (532+ words) We confirmed end to end exploitation by detonating laravel-lang/http-statuses v3.4.5 in an isolated GitHub Actions runner protected by Harden-Runner in audit mode. The other three packages share identical commit structure but have not been detonated yet. We expect they…
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
1+ day, 16+ hour ago (359+ words) Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - "The timing and pattern of the newly published tags point…
Gravity Forms Debugging for Web PHP
2+ day, 10+ hour ago (111+ words) Debugger.ai scans your Gravity Forms projects for bugs, security issues, and PHP-specific integration problems. Get auto-fix pull requests for every issue found. Gravity Forms deployed with debug mode, default secrets, or permissive CORS settings. Gravity Forms endpoints accepting user…
I Built a Multi-Tenant SaaS for 50+ Tenants - Here's the Complete Architecture
2+ day, 7+ hour ago (1028+ words) Six months into building Citizen App - a GDPR-compliant citizen management SaaS - a customer asked: "Are you sure my data is completely separate from other organisations using this?" I said yes. Then I went and checked the code. I found…