Hackr.io is a community to find and share the best online courses & tutorials. Join them, it only takes 30 seconds.

Here's how it works:

share-icon

Anybody can submit a course or a tutorial

thumbs-up

Community upvotes the useful tutorials

upwards-graph

The best tutorials rise to the top

PHP The Right Way (phptherightway.com)

Visit Tutorial
Add
My Courses
Free
Top Three Medal #1 out of total 29 PHP tutorials and courses

Submitter

Educator

Coming Soon

Coming Soon.

Why developers like this tutorial (one-liner reviews):

Content quality

Qualified Instructor

Course depth and Coverage

Video quality

Course Pace

Add your one-liner review here:

Discuss this tutorial:

Ask a question or write your feedback/review of this course or tell anything to the people taking this course.

Matthias Hogerheijde
3 years ago

Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.

Gaurav Gupta
10 months ago

@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?

Matthias Hogerheijde
9 months ago

@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself, teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.



Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.

Square Boat
10 months ago

@gaurav-gupta @matthias-hogerheijde Yups, you're right.