PHP The Right Way (phptherightway.com)

Visit Tutorial
Add
My Courses
Free
Top Three Medal #1 out of total 42 PHP tutorials and courses

Submitter

Why like this tutorial (one-liner reviews):

Content quality

Qualified Instructor

Course depth and Coverage

Video quality

Course Pace

Add your one-liner review here:

Write your review/feedback of this tutorial:

You can also ask questions or provide any information that might be helpful to the people taking this course.

Matthias Hogerheijde
3 years ago

Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.

Gaurav Gupta
1 year ago

@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?

Matthias Hogerheijde

@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself, teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.

Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.

Square Boat
1 year ago

@gaurav-gupta @matthias-hogerheijde Yups, you're right.

Leo Torres
1 day ago

How up to date is this?