I thought it was about time to give you all an update on the free open-source Artists Website Software I’m currently working on.
I’ve got a very basic skeleton completed so far, but the alpha version is still some way off. I could have written it much quicker if I’d taken a more traditional procedural route, but my focus has been on writing a good core set of PHP classes with a dual emphasis on easy maintenance/extensibility and security.
The security aspects have been taking up most of my time recently. Chris Shiflett’s book Essential PHP Security (Amazon UK / Amazon US) has been of great help here. I think it is vital to make sure that any website is as secure as possible – and anything I can do to make the software immune (as far as possible) to SQL Injection, Cross-Site Scripting, and Session Hijacking can only stand it in good stead.
Writing the PHP so that it will run on a standard shared web host is challenging – rather than using PEAR extensions I have set the criterion of only using a very standard PHP installation. This means I miss out on using PDO and other time-saving extensions. I am toying with the idea of using a few non-default extensions such as ImageMagick, but I’ll make sure that these are optional rather than required.