Feb 15, 2017 - A critical analysis of Laravel

Laravel is probably the closest thing that the PHP community has to Marmite: it seems you either love it or hate it. Its proponents love how easy it makes developing software, whereas its detractors accuse the framework of promoting bad practices. They can’t both be right, or can they?


Oct 3, 2016 - Password similarity

Another interesting discussion broke out on Twitter today about Yahoo! preventing people from using passwords which are too similar to passwords that they have used in the past. I agree with the general direction this discussion took - Yahoo is probably storing plain text or encrypted passwords, violating my 6 rules of password storage; however, it got me thinking: is it possible to achieve a similar password filter in a secure way?


Oct 3, 2016 - 3rd Party Credential Management

An interesting question came up during my PHP North West unconf talk about The 6 rules of password storage: “How should you store a password for SMTP login?”. This is a slightly different problem to storing a user's password for your own site and requires a different solution. I’ve decided to expand upon the answer I gave at the time to provide a reference for anyone else who has this problem.
