ZendCon Day Three

22 Oct 2005

As expected, I wasn't able to keep up with blogging during the conference very well. I do want to mention Michael Radwin's talk, PHP at Yahoo. It was a nice mixture of business and technical content, and there were some key points that I wanted to note:

Michael made some interesting points regarding security. For example, they use libcurl rather than enable allow_url_fopen, because (among other things) this makes auditing code easier - you have something to search for. For a similar reason, they use the input_filter hook, but they also provide developers with ways to access raw data - this also gives them something to search for during audits. I think this general approach has a lot of merit, particularly for companies with very large development teams (Yahoo employs several hundred PHP developers).

I'll fill in a few gaps and post a conference summary over the weekend. The short summary is that it was a very successful conference - organized, well-attended, and valuable.