Top 10 things for an Expert
I think and I'm Descartes, Rane
kesavan.m@cognizant.com
now()
Do we really mistake?
• We feel we're experts, but we still need to learn and tune ourselves for better performance
• The following slides show simple tips that make the application more powerful
• Do we mistake? (or) Do we take?
Thing #1
• count() inside for()
• What is it?
    [kuthuv@slcd3edip12 include]$ egrep -ir "for.*count\(" *
    Menu.php: for( $i=0; $i < count($this->arItems); $i++ )
    PGP.php: for ($i = 1;$i < count($pieces);$i++) {
    PGP.php: for ($i = 1;$i < count($pieces);$i++) {
    ...
• Better:
    $x = count($this->arItems);
    for( $i=0; $i<$x; $i++ ) ...
Thing #2
• Always ON variable slow_query_log in DEV/QA
• Where is it?
    mysql> show variables like '%query_log%';
    +---------------------+-------------------------------------+
    | Variable_name       | Value                               |
    +---------------------+-------------------------------------+
    | slow_query_log      | OFF                                 |
    | slow_query_log_file | /var/lib/mysql/Config39VM0-slow.log |
    +---------------------+-------------------------------------+
    2 rows in set (0.00 sec)
    mysql>
• Better:
    mysql> SET GLOBAL slow_query_log= 'ON';
    Query OK, 0 rows affected (0.01 sec)
Thing #3
• How NOT to open files
    include "file.php";
    require_once "file.php";
• Where is it?
    [kuthuv@slcd3edip12 include]$ grep -r require_once .
    [claredi@Config40VM1 include]$ grep require_once *.inc
    SOAP-Admin.inc:require_once ("SOAP-Common.inc");
    SOAP-Admin.inc:require_once ("memcached.php");
    SOAP-Common.inc:require_once ('PGP.php');
    SOAP-Common.inc:require_once ('memcached.php');
    SOAP-TPP.inc:require_once( "SOAP-Common.inc" );
    SOAP-TPP.inc:require_once( "SOAP-Branding.inc" );
    SOAP-TPP.inc:require_once( "memcached.php" );
    ...
    [claredi@Config40VM1 include]$
• Better:
    require_once ("./SOAP-Common.inc");
    require_once ("./memcached.php");
Thing #4
• Do we still invite XSS/XSRF?
• The answer is Yes! We do
• I don't believe it. Where is it?
    [kesavan@slcd3edip11 ~]$ cd /usr/local/claredi/www/cd-pres/library/Rabbit/Auth/Adapter/
    [kesavan@slcd3edip11 Adapter]$ grep setcookie *|grep -v "\-1"
    Admin.php: setcookie( 'AppToken',$this->encryptCookie($this->_sessionID), 0, "/admin" );
    Admin.php: setcookie( 'AppUser', $this->encryptCookie($this->_username), 0, "/admin" );
    Admin.php: setcookie( 'AppRole', $this->encryptCookie($this->_userRole), 0, "/admin");
• Better:
    setcookie( 'AppToken',$this->encryptCookie($this->_sessionID), 0, "/admin",'',TRUE,TRUE);
    setcookie( 'AppUser', $this->encryptCookie($this->_username), 0, "/admin",'',TRUE,TRUE );
    setcookie( 'AppRole', $this->encryptCookie($this->_userRole), 0, "/admin",'',TRUE,TRUE);
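The grep on this slide only finds setcookie() calls; it does not tell you which ones lack the two trailing TRUE arguments. As an added example (not part of the original slides), this Python audit parses each call and reports the missing flags; the function names and the sample source are constructed for illustration.

```python
import re

# PHP: setcookie(name, value, expires, path, domain, secure, httponly)
# Secure keeps the cookie off plain HTTP; HttpOnly hides it from JavaScript.
FLAGS = {5: "secure", 6: "httponly"}  # 0-based argument positions

# Constructed sample in the style of the Admin.php lines on the slide.
SAMPLE = """<?php
setcookie( 'AppToken', $this->encryptCookie($this->_sessionID), 0, "/admin" );
setcookie( 'AppUser', $this->encryptCookie($this->_username), 0, "/admin", '', TRUE, TRUE );
setcookie( 'AppRole', $this->encryptCookie($this->_userRole), 0, "/admin", '', TRUE );
"""

def setcookie_calls(source):
    """Yield (line_no, args) for each setcookie(...) call in PHP source text."""
    for m in re.finditer(r"\bsetcookie\s*\(", source):
        args, cur, depth, quote, escaped = [], [], 0, None, False
        for ch in source[m.end():]:
            if quote:                      # inside a PHP string literal
                cur.append(ch)
                if escaped:
                    escaped = False
                elif ch == "\\":
                    escaped = True
                elif ch == quote:
                    quote = None
                continue
            if ch == ")" and depth == 0:   # closing paren of setcookie itself
                break
            if ch == "," and depth == 0:   # top-level argument separator
                args.append("".join(cur).strip())
                cur = []
                continue
            if ch in "'\"":
                quote = ch
            depth += (ch == "(") - (ch == ")")
            cur.append(ch)
        args.append("".join(cur).strip())
        yield source.count("\n", 0, m.start()) + 1, args

def missing_flags(args):
    """Return the flags that are absent or not the literal TRUE.
    The options-array form of setcookie() is not handled and is reported."""
    return [name for pos, name in FLAGS.items()
            if len(args) <= pos or args[pos].lower() != "true"]

def audit(source):
    # One (line, cookie name, missing flags) tuple per weak call.
    return [(line, args[0], missing) for line, args in setcookie_calls(source)
            if (missing := missing_flags(args))]
```

Run `audit()` over the contents of each PHP file; an empty list means every call passes TRUE for both flags.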
Thing #5
• Where is it?
• Better: