OpenLampTech issue #128
Is MariaDB better than MySQL? | PowerLite PDO | Laravel 11 prompt validation rules | How do you keep your Linux safe? | SQL Injections are worse than you think.
Thank you for reading the OpenLampTech newsletter!
If someone awesome shared this newsletter with you and you are not yet subscribed, please use the Subscribe button below and join:
OpenLampTech has sponsorship opportunities for your brand, product, or service in the weekly newsletter. As an independent publication, collaboration is very affordable.
All commentary and opinions are mine unless otherwise quoted.
SQL Injections Are Worse Than You Think
And they are still very common.
Unfortunately, there are several variations of an SQL Injection attack that can be executed against the database.
Alex of Alex Web Develop provides examples of some of the more common attacks with explanations of how they might be used by nefarious actors.
Always be sure you are sanitizing user input and using prepared statements to help mitigate and minimize the risk of SQL Injections.
[Alex Web Develop]
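As an added illustration of the mitigation mentioned above (this is not code from the Alex Web Develop article), the following PHP script runs the same lookup two ways against an in-memory SQLite database so it works offline with nothing but the pdo_sqlite extension. The table, its rows, and the two test inputs are constructed for the demonstration; the second input is the classic single-quote tautology that the article's examples discuss.

```php
<?php
// Added example, not from the linked article. Assumes PHP 8 with pdo_sqlite.
// Table, rows, and inputs below are constructed for the demonstration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Against MySQL, also consider $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false)
// so placeholders are bound by the server rather than interpolated client-side.

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Vulnerable form: the untrusted value is concatenated into the SQL text,
// so quote characters inside it change the structure of the query.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: a prepared statement sends the query shape and the value
// separately; the value is only ever compared as data, never parsed as SQL.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    'alice',        // ordinary input: both forms return ["alice"]
    "' OR '1'='1",  // constructed tautology: unsafe returns every row, safe returns []
];

foreach ($inputs as $input) {
    printf(
        "input %-16s unsafe -> %-16s safe -> %s\n",
        json_encode($input),
        json_encode(findUserUnsafe($pdo, $input)),
        json_encode(findUserSafe($pdo, $input))
    );
}
```

The point to take from the output is that "sanitizing" the second input is not what protects the safe version; the prepared statement never lets the value reach the SQL parser at all, which is why prepared statements are the primary control and input validation is a supporting one.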
The Real Attack Vector Responsible for 60% of Hacked WordPress Sites in 2023
I see (and sometimes read) a lot of content from ‘well-known’ sites about a new vulnerability or exploit in WordPress. On the other hand, I wonder how valid some of them are, or whether they are just a way to get page views.
One thing I do like is that this article mentions operating system-level monitoring versus plugin-based. I'm no security expert myself but I can see where that can be significant.
PowerLite PDO: A Powerful PHP Database Abstraction Layer
I saw this shared recently in my friend Reuben Walker's The Payload newsletter (which you should absolutely be subscribed to) and wanted to include it in OpenLampTech this week.
If I'm not working with a framework-specific ORM (which I barely do) then I typically use PDO instead of MySQLi.
I've not (yet) used PowerLite PDO but it looks promising, especially if you find regular PDO's syntax just a bit too heavy. PowerLite PDO is supposed to abstract away some of that.
[dev.to]
Security Tip: Laravel 11's Prompt Validation Rules
In this article, Stephen Rees-Carter of Securing Laravel looks at Prompt Validation in Laravel 11.
There is plenty of discussion and thoughts on user input validation coming from the browser. But, as Stephen mentions, it is important from the terminal or command line as well.
Perhaps more so with command line access, users may accidentally or inadvertently modify/harm/destroy data, so this is likely a good place in production to validate user input.
[Securing Laravel]
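To make the terminal-side point concrete, here is an added example (not code from the Securing Laravel article) of validating console input before a destructive step. It assumes the laravel/prompts package is installed via Composer and uses the closure form of `validate`, which is what the standalone package supports; the linked article covers Laravel 11's ability to pass framework validation rules in that same spot. The order table is a constructed in-memory array.

```php
<?php
// Added example, not from the linked article. Assumes PHP 8 and
// `composer require laravel/prompts`; the orders array is constructed data.
require __DIR__ . '/vendor/autoload.php';

use function Laravel\Prompts\confirm;
use function Laravel\Prompts\info;
use function Laravel\Prompts\text;

// Constructed stand-in for a database table: id => status.
$orders = [1042 => 'open', 1043 => 'open', 1044 => 'shipped'];

// Validate the typed value before it reaches any query or destructive call.
// The closure returns an error message to re-prompt, or null to accept.
$orderId = text(
    label: 'Order ID to archive',
    placeholder: 'e.g. 1042',
    required: true,
    validate: fn (string $value) => match (true) {
        !ctype_digit($value)              => 'The ID must be a whole number.',
        (int) $value < 1                  => 'The ID must be positive.',
        !isset($orders[(int) $value])     => 'No order with that ID exists.',
        $orders[(int) $value] !== 'open'  => 'Only open orders can be archived.',
        default                           => null,
    },
);

$id = (int) $orderId; // safe to cast: validation guaranteed a positive integer

// A second, explicit gate for the destructive step itself, defaulting to "no".
if (!confirm(label: "Archive order {$id}? This cannot be undone.", default: false)) {
    info('Nothing changed.');
    exit(0);
}

$orders[$id] = 'archived';
info("Order {$id} archived. Remaining open orders: "
    . implode(', ', array_keys(array_filter($orders, fn ($s) => $s === 'open'))));
```

Two habits worth carrying into real commands: keep the destructive action behind a confirmation whose default is the safe answer, and validate for the specific shape the next step needs (here, an existing open order) rather than only for "not empty".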
5 Best SQL IDEs [EXPERT RANKING]
In addition to application-building tools, Five also has an SQL IDE.
SQL IDEs are pretty much a necessity if you desire/need a nice(r) GUI to work with your SQL database as opposed to a terminal-based workflow.
I've used Oracle SQL Developer and MySQL Workbench extensively and both are fantastic products. Learn more about these and others in this article.
[five.co]
If all kernel bugs are security bugs, how do you keep your Linux safe?
It is my understanding that almost any operating system is vulnerable to attacks and security exploits on some level. It seems like the Linux kernel has had its fair share of self-imposed Common Vulnerabilities and Exposures or CVEs this year alone.
Here is an insightful quote from the article. Something I had no idea about:
“In the kernel, just about any bug, if you're clever enough, can be exploitable to compromise the system.”
[ZDNET]
Why MariaDB Is “Better” Than MySQL
Ouch.
Nah, in all fairness, both MariaDB and MySQL are absolutely viable solutions.
But where do their differences lie, since at one point MariaDB was considered a drop-in replacement for MySQL?
Both are ACID-compliant and have robust SQL features.
While they share those similarities and more, there are differences between them as each DBMS continues to advance.
I don't recall seeing it better put than this passage quoted directly from the source article:
“And when it comes to compatibility, while MariaDB ensures ease of transition from MySQL by retaining backward compatibility, MySQL does not reciprocate this with MariaDB.”
[Percona]
[#Affiliates and Classifieds] - Your support keeps the OpenLampTech newsletter free for readers
Take your Laravel applications to the next level with Battle Ready Laravel by Ash Allen. Learn how to improve the performance, maintainability, and security of your Laravel projects in this e-book. (affiliate)
Ultimate Laravel Boilerplate to help other indie hackers deliver their SaaS in hours. Get started with LaraFast today! (affiliate)
Popups, newsletters, and abandoned carts. Use Omnisend with integrated email and SMS campaigns. (affiliate)
Thank you for reading. I hope you have a great rest of your week.
Take care.
Josh Otwell
OpenLampTech is a reader-supported publication. You can support the publication with a virtual coffee for as little as $3 (USD).
Some links may be affiliate links from which I earn a small commission at no additional cost to you.