Book Image

Learning Phalcon PHP

Book Image

Learning Phalcon PHP

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Phalcon PHP
Aug, 2015 | 328 pages
No titles found
Table of Contents (17 chapters)
Learning Phalcon PHP
Learning Phalcon PHP
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Phalcon
Getting Started with Phalcon
Installing the required software
Installing Phalcon
The Apache and Nginx configuration files
Understanding the framework's internals
Summary
2
Setting Up the MVC Structure and the Environment for Our Project
Setting Up the MVC Structure and the Environment for Our Project
What is MVC?
The MVC structure
Creating the structure for our project
Creating the configuration file and the Bootstrap
Preparing the initial DI interface and the router
Using the router component in a module
Create the base layout
Summary
3
Learning Phalcon's ORM and ODM
Learning Phalcon's ORM and ODM
The main differences between SQL and NoSQL databases
Connecting to the database
ORM/ODM operations (create, update, delete, transactions, and validations)
CRUD operations using ORM
Using PHQL
Using raw SQL
Database transactions
ODM/MongoDB
ORM – drawbacks and caching
Summary
4
Database Architecture, Models, and CLI Applications
Database Architecture, Models, and CLI Applications
The database architecture
Models
Summary
5
The API Module
The API Module
Using APIs – recommended practices
Enabling SSL on our local machine
Creating the module structure
Writing a fully functional REST module with Phalcon PHP
Securing an API
Documenting the API
Summary
6
Assets, Authentication, and ACL
Assets, Authentication, and ACL
Assets management
Developing an authentication system
Securing the application using the ACL component
Summary
7
The Backoffice Module (Part 1)
The Backoffice Module (Part 1)
Editing the main layout
Cleaning the Core module
Hashtag CRUD
Category CRUD
Summary
8
The Backoffice Module (Part 2)
The Backoffice Module (Part 2)
User CRUD
User templates
Article CRUD
Summary
9
The Frontend Module
The Frontend Module
The Frontend layout and basic functionality
Modifying BaseController.php
Implementing ElasticSearch
Implementing MongoDB
Summary
10
Going Further
Going Further
Uploading files with Phalcon
Using the Annotation router
Summary
Index
Index

Securing an API

In general, when you put something online, it is not secure anymore. Virtually anything can be hacked. What can you do in this case? Well, if you are not a billionaire who can afford huge investments in human resources and security software and hardware, all that you can do is try to make the attackers' life a bit rough and always monitor your stuff.

There are hundreds of books about security and securing an API. We will try to implement a few basic security methods that can help you avoid a disaster.

So what are these methods? Here is a list:

  • Always use SSL

  • Add an API key for extra protection

  • Limit the number of requests per second from the same IP

  • Limit access to resources, such as DELETE, PUT, POST, for authenticated users

Using SSL

There is no need to elaborate on SSL. Using a secure connection is how you need to go about it. SSL certificates are quite cheap these days. For example, the guys from http://www.namecheap.com sell the multi-domain SSL certificate for 80 EUR per year...

Previous Section
End of Section 6
Next Section