PHP The Right Way
Right... the "right way"... and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.
@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?
@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself; teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.
Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.
@gaurav-gupta @matthias-hogerheijde Yups, you're right.