So, you’re designing a new feature in PHP for an application. Like most good programmers, you have a data layer and a business logic layer. But where is your security layer?
For the most part, whenever I design a new feature, all the security goes into the business logic, because the data layer should be “dumb”. Well, this is annoying because 1) I have a lot of repeated code and 2) it’s very easy to forget something. The ideal place for it is really the data layer, but this is bad practice because you limit the data layer’s flexibility.
Then, while driving to Wendy’s for a #8 today, it hit me. The perfect security layer. Unobtrusive. Simple. Elegant.
The beauty of PHP is that it allows a perfectly transparent wrapper, without a lot of code. Through the use of __get(), __set(), __call(), __isset(), and __unset(), a class can be mapped perfectly to a data object. Therefore, you can just pass a data object to a security class in the constructor. Then, anytime a function or class member is accessed, perform security checks if needed.
I haven’t designed an abstract base class for this object yet, but I am going to very soon. It should help to not only clean up code, but secure the code. Definitely going to be an addition to Wack v1.
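A minimal sketch of the wrapper described above, added here as an illustration and not the author's or Wack's code. The class names `Account` and `SecureProxy`, the role strings, and the policy array format are all hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical "dumb" data object: no security logic of its own.
class Account
{
    public string $owner = 'alice';
    public int $balance = 100;
    public function withdraw(int $amount): int { return $this->balance -= $amount; }
}

// Hypothetical security wrapper: every member access goes through check().
class SecureProxy
{
    /** @param array<string, string[]> $policy member name => roles allowed to use it */
    public function __construct(
        private object $target,
        private string $role,
        private array $policy
    ) {}

    private function check(string $member): void
    {
        // Default deny: a member missing from the policy is unreachable.
        if (!in_array($this->role, $this->policy[$member] ?? [], true)) {
            throw new RuntimeException("access denied: {$member}");
        }
    }

    public function __get(string $name): mixed { $this->check($name); return $this->target->$name; }
    public function __set(string $name, mixed $value): void { $this->check($name); $this->target->$name = $value; }
    public function __isset(string $name): bool { $this->check($name); return isset($this->target->$name); }
    public function __unset(string $name): void { $this->check($name); unset($this->target->$name); }

    public function __call(string $name, array $args): mixed
    {
        $this->check($name);
        return $this->target->$name(...$args);
    }
}

// Constructed sample policy and roles.
$policy = ['owner' => ['teller', 'admin'], 'balance' => ['admin'], 'withdraw' => ['admin']];
$teller = new SecureProxy(new Account(), 'teller', $policy);
echo $teller->owner, PHP_EOL;           // permitted by the policy for 'teller'
try {
    $teller->withdraw(50);              // not permitted for 'teller'
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The checks only hold for code that reaches the data object through the proxy, so the raw object should not be handed out alongside it. The proxy also does not pass `instanceof Account` or an `Account` type hint, which matters if the business logic declares parameter types.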
Hartsock,
What’s up buddy? Nice bit on the security layer. Seems the Wendy’s #8 drove the inspiration. I’ll catch up with you later.
Chris
This has a potentially huge impact on the performance though. If every function call has to go through __call(), which would have to use call_user_func(), that adds a lot of overhead.
Right?
Any added layer or abstraction is going to hurt performance. The key is to only use this where needed and not everywhere. Specifically, data classes are the perfect place to use this security wrapper.
If you really wanted to speed this up, a custom abstraction that mapped functions 1 to 1 instead of using __call() and call_user_func_array() would help improve performance, while removing some of the maintainability.