PHP on .NET?


Originally posted in my old blog at My Opera

Microsoft's ASP.NET has a lot of useful features, things you might want to have in PHP too.
But you can't run PHP as a .NET language because Microsoft already has ASP.NET… or can you?

It appears that some Czech programmers came up with this idea few years ago and they made a PHP compiler for .NET, Phalanger, which compiles PHP code into MSIL which is understood by the .NET Framework.

Read More

Preventing cross-site scripting attacks


Originally posted in my old blog at My Opera

Cross-site scripting attacks, also known as XSS attacks, are a type of vulnerability found in some web sites.

For example, if your blog comment box allows users to write JavaScript snippets that aren't escaped in any way by the server and are ran, it's most likely vulnerable to an XSS attack.

It's not just a problem with small, less known sites – Recently, even Google had an XSS vulnerability.

XSS attacks are, however, quite easy to prevent if you know how.

Read More

About Flash and RIA's


I've been working with Flash lately, or more precisely, Flex 2. Flex is like Flash for programmers (more on that later in this post)

Not so long ago, I also tried Flash Lite, which is a lightweight version of Flash for mobile devices.

What started as a tool to create annoying animations and unusable interfaces has gone a long way, and is now a quite serious contender for creating content.

Of course the above notion is not completely true. Annoying animations and unusable interfaces are just what I personally remember from the things created with the earlier versions of Flash.

Flash as a technology has matured a lot and has a very large market share these days, so you can't no longer say no to it because of poor support. And considering that even mobile phones have Flash support… talking about which, Flash Lite 1.1 is a horrible thing to work with.

Flash Lite 1.1 is basically Flash 4 with a thing or two from Flash 5. You can create Flash Lite 1.1 content with Adobe Flash 8 and newer (correct me if I'm wrong). So what's so bad in it?


It does not support functions.
It does not support arrays.
It probably does not support some other useful feature I can't think of at the moment either.

Both can be “hacked”: You can use named keyframes as functions and a certain eval-trick to create “pseudo arrays”

Using named keyframes as functions is not particularily difficult to do, but it's not as simple and clean as having proper function support. Pseudo-arrays are a blatant hack: You use eval() to create variables like array_1, array_2,…,array_N which can be used kind of like an array.

I don't know about Flash Lite 2, but the 1.1 version is quite “raw” in my opinion. Of course, the problem with ActionScript in 1.1 is caused by the fact that ActionScript in Flash 4 (and 5) is this bad. In Flash 9 and Flex 2, it's a completely different matter.

Along with the authoring tools, speed and features, the scripting language of Flash has evolved. From the horrible mess that I described above, it has changed into a full fledged Object-Oriented language in ActionScript 3. It reminds me a lot of C# which is a fact that made me instantly like the language.

There's also Flex and Flex 2, which are a completely different way to create Flash apps. Instead of the traditional animation-based interface in the Flash authoring tool, it is much more programmer oriented. You don't have a timeline or a canvas where you can draw shapes. Instead, you get a proper IDE. You also get a HTML and XML like language called MXML which you can use to create the interface in your application and a lot of ready to use MXML components like buttons and textboxes. This and the design view makes creating interfaces in Flex a very similar experience to creating interfaces in IDE's like Visual Studio 2005: Simply drag and drop things in the designer and add code.

The Flex SDK is going open source, so this might mean an increase in the amount of sites using Flex. Considering that Microsoft has released it's Silverlight, which competes with Flash, this might be a very good move from Adobe. On the other hand, Silverlight is lacking in features, doesn't work in as many browsers as Flash does and isn't widespread at all…

I don't like the idea of using JavaScript for creating RIA's (Rich Internet Applications) like Google's Spreadsheets and such. I don't think Google Gears is great. But what I do think is that Flash is perhaps the only good alternative for creating RIA's at the moment. With ActionScript 3, script speed should be even less of an issue and with tools like Flex, it should be much easier to create good interfaces with Flash because of the components. Currently the problems lie in the Linux version of the Flash 9 plugin which has some issues and the fact that Flash and Flex IDE's aren't very cheap to buy, but hopefully with Flex going Open source, we will see a free Flex IDE which should be more than possible, considering that the current Flex Builder 2 IDE is built on top of Eclipse.

What will the future bring?