
Magento Extensions Development

By: Jérémie Bouchet

Overview of this book

Magento has been revealed as the best and most popular open source e-commerce platform in the world, with about 250k+ online stores. Magento 2 is the most recent version of this toolset: every new and modern development technique is used to offer a real modular approach and a powerful architecture. The book will support you in writing innovative and complex extensions. Starting from the beginning, we will cover how to set up a development environment that allows you to be really efficient in writing your functionality, including Git registering and many other development tools. We then move on to provide a broad overview of the best practices to scale your module in a high-load environment. After these foundations, you will see how to use test-driven development (TDD) and unit tests to handle your code. We then build a complex, internationally-ready extension together, step by step. Next, you will find out how to protect the users' data. Finally, we will take a look at publishing the extension on the new Magento Connect marketplace and how to protect your intellectual property. After you read this book, you will know everything you need to become an invaluable extension editor, whether it is for your customers' needs or for your own requirements.
Table of Contents (16 chapters)

The possible attacks

In order to know how to prevent and fix vulnerabilities, we have to know the possible attacks your extension can undergo.

SQL injection

This is the most common attack and probably the easiest to perform against an unprotected website. The malicious user enters SQL statements in form fields so that they end up concatenated into your query and modify the way your script works.

Magento worked hard on this point, and it is fully equipped to allow you to secure all your forms and database requests.

Here is an example from the Magento\Customer\Model\ResourceModel\Customer::_beforeSave() method. We can see that the email value is not written directly into the request; instead it is bound as a named parameter (:email) and sent separately from the SQL text:

$bind = ['email' => $customer->getEmail()];   // the value travels separately, as a named parameter
$select = $connection->select()->from(
    $this->getEntityTable(),                  // table and id column as used by Customer::_beforeSave()
    [$this->getEntityIdField()]
)->where('email = :email');                   // only the placeholder is part of the SQL text
$result = $connection->fetchOne($select, $bind);

This is a prepared...
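To see why the named bind matters, here is an added example that is not code from the book or from Magento itself: it reproduces the same lookup with PHP's PDO against an in-memory SQLite table (assumed table name customer_entity, constructed rows), once by concatenating the form value into the SQL text and once with the :email bind used above.

```php
<?php
// Added example, not from the book or from Magento's code base. Plain PDO with an
// in-memory SQLite table stands in for Magento's ResourceConnection so the script
// runs stand-alone; the $bind / ':email' shape mirrors the snippet above.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer_entity (entity_id INTEGER PRIMARY KEY, email TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO customer_entity (email) VALUES ('alice@example.com'), ('bob@example.com')");

// Constructed form input: an email field that carries an SQL fragment.
$input = "nobody@example.com' OR '1'='1";

// Vulnerable: the field value is pasted into the SQL text, so the quote inside the
// input closes the string literal and the OR clause becomes part of the query.
function findIdsConcatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT entity_id FROM customer_entity WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text only ever contains the placeholder; the value is handed
// to the driver in the bind array, the way Customer::_beforeSave() does it.
function findIdsBound(PDO $pdo, string $email): array
{
    $bind = ['email' => $email];
    $stmt = $pdo->prepare('SELECT entity_id FROM customer_entity WHERE email = :email');
    $stmt->execute($bind);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(findIdsConcatenated($pdo, $input)); // both rows: the WHERE clause was rewritten by the input
var_dump(findIdsBound($pdo, $input));        // empty: no customer has that literal email
```

Run it with any PHP build that has pdo_sqlite enabled; the first dump shows the lookup matching every customer, the second shows the bound query treating the whole input as one opaque string.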