2. Introduction to Framework
What does a Framework mean?
• It is a concrete platform where the common code to be executed across the entire application is kept, targeting a maintainable, reusable and scalable application.
• A framework is an abstraction of the software code which can be selectively overridden.
• A framework takes the form of libraries, where a well-defined application program interface (API) is reusable anywhere within the software under development.
3. Principles of a Framework
• Control over the flow: Instead of the user's (programmer's) custom execution flow, the framework must have control over the flow.
• Default behavior: The application has to work even without any customization of code, using the default configuration.
• Extendable: The programmer should have the ability to extend the framework code.
• Non-changeable: The user can extend the framework code but is not allowed to change the core framework code.
• Compatible: The framework should be designed so that the application does not crash even when we upgrade the framework version. (The latest framework has to work even with older programming language versions.)
• Portable: An application developed on the framework has to support multiple environments (e.g. different databases and servers like IIS, Apache).
4. Advantages over traditional programming
• As frameworks are designed around reusable code for quick development, a lot of development effort and time is saved.
• Using frameworks, developers can spend more time on developing the application's functionality than on preparing the environment. This helps them build defect-free software applications.
• Application code is clean and neat, as we follow the standards of the software framework.
• Frameworks help you develop the project rapidly; if you know one framework well, you will never worry about the project deadline.
5. Disadvantages:
• A learning curve is involved in understanding the different frameworks.
• Preferable for large-scale applications, because for a small application the core programming language is faster than the framework.
7. Zend framework:
• Open-source software framework for PHP 5.
• Its strength is in its highly modular MVC design, making your code more reusable and easier to maintain.
8. History of Zend
• The Zend framework was started by Andi Gutmans and Zeev Suraski, among the most influential people behind the start of PHP 3.
• Launched in 2006 with the preview release 0.1.3.
• Latest version: 2.0 beta release.
9. Popular products developed on Zend Framework
• Magento, which is one of the popular open-source shopping carts
• McAfee company website
• IBM company website
10. Advantages over other frameworks
• Highly flexible: We can extend almost all the framework classes.
• Loosely coupled: We can delete the components or modules which we don't want in our application. It is highly modular.
• Scalable: High-performance applications can be developed, as the entire library is not loaded for each request.
• Easy to test: PHPUnit is integrated with the Zend framework.
• Compatible with different databases (DB2, MySQL, Oracle and MSSQL).
12. Security in Zend framework
• SQL security: The Zend framework has a database abstraction layer which contains many escaping functions, so the developer does not have to bother about SQL injection attacks.
• It has different APIs to handle queries:
– Zend_Db
– Zend_Db_Statement
– Zend_Db_Select
– Zend_Db_Table
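The escaping in the abstraction layer only protects a query when values reach it through the adapter's quoting or bound parameters, not when they are concatenated into SQL text. The following is an added example, not code from the original slides, contrasting the two for Zend Framework 1; the `users` table, its columns and the connection parameters are assumptions.

```php
<?php
// Added example, not from the original slides. Assumes ZF1 is on the include
// path with its autoloader registered, and a `users` table with the columns
// id, username and email. Connection parameters are placeholders.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

$db = Zend_Db::factory('Pdo_Mysql', array(
    'host'     => '127.0.0.1',
    'username' => 'app',
    'password' => 'CHANGE-ME',
    'dbname'   => 'appdb',
));

// Untrusted input, e.g. the classic payload  alice' OR '1'='1
$username = isset($_GET['username']) ? $_GET['username'] : '';

// UNSAFE: gluing the value into the SQL text bypasses the abstraction layer
// entirely; the payload closes the quote and the condition matches every row.
$unsafeSql = "SELECT id, email FROM users WHERE username = '" . $username . "'";
// $db->fetchAll($unsafeSql);   // never do this

// SAFE (1): Zend_Db_Select passes the value through quoteInto(), so the quote
// character in the payload is escaped and the string is compared literally.
$select = $db->select()
             ->from('users', array('id', 'email'))
             ->where('username = ?', $username);
$rows = $db->fetchAll($select);

// SAFE (2): a bound parameter on a raw statement; the value travels to the
// driver separately from the SQL text and is never parsed as SQL.
$rows = $db->fetchAll(
    'SELECT id, email FROM users WHERE username = :name',
    array('name' => $username)
);

// Identifiers such as column names cannot be bound or escaped as values. If a
// sort column comes from the request, allow only known names; Zend_Db_Select
// then quotes the identifier itself.
$allowed = array('username', 'email');
$sort    = isset($_GET['sort']) && in_array($_GET['sort'], $allowed, true)
         ? $_GET['sort'] : 'username';
$rows = $db->fetchAll(
    $db->select()->from('users', array('id', 'email'))->order($sort)
);
```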
13. Cross Site Request Forgery (CSRF) Protection:
• Protections against CSRF attacks are usually based on secret, session-dependent form tokens.
<?php
// A form carrying a CSRF token: the hash element stores a random token in
// the session and validates it when the submitted form is checked.
class My_Form extends Zend_Form
{
    public function __construct($options = null)
    {
        parent::__construct($options);
        $this->addElement('hash', 'csrf_token', array(
            'salt' => get_class($this) . 's3cr3t%Ek@on9!',
        ));
    }
}
?>
14. Session Management Configuration:
• Configuration has a big influence on security.
• Zend_Session provides different options to configure session parameters.
• It supports SSL to avoid session hijacking.
<?php
// Harden the session cookie and its storage before the session is started.
Zend_Session::setOptions(array(
    /* SSL server */     'cookie_secure'   => true,
    /* own name */       'name'            => 'mySSL',
    /* own storage */    'save_path'       => '/sessions/mySSL',
    /* XSS hardening */  'cookie_httponly' => true,
    /* short lifetime */ 'gc_maxlifetime'  => 15 * 60
));
Zend_Session::start();
?>
15. Security from XSS:
A number of classes, primarily within the Zend_Filter, Zend_Form, Zend_Log and Zend_View components, contained character encoding inconsistencies whereby calls to the htmlspecialchars() and htmlentities() functions used undefined or hard-coded charset parameters.
16. Different Design patterns used in Zend framework
• Zend_Controller_Front
– Singleton
• Zend_Db_Adapter
– Abstract Factory
• Zend_Db_Table
– Table Data Gateway
• Zend_Db_Table_Row
– Row Data Gateway
• Zend_Log
– Factory Method
– Adapter
– Composite
• Zend_Form
– Composite
– Decorator
• Zend_Filter and Zend_Validator
– Strategy