Here are some security and coding guidelines which you should follow to make your application secure, faster and easier to maintain. This page does not cover everything, but it lists the basics you should follow.
Your code must follow a set of coding standards covering indentation, control structures and variable placement. An application may have many developers; when it follows one coding standard, the code has a consistent pattern and each developer can easily understand every part of it.
We recommend following the PSR coding standards. Take the time to read each standard and then start following them in your application.
To keep your application secure, you should follow the points below:
Always use a CSRF token for forms in your views.
Always validate user input, either using
Don't print user input directly in a view. If you are using the TWIG view layer you don't have to worry about this, but use
Don't execute raw queries directly; even if you do, always bind user input. First try building the query using
We recommend using the Entity class, as it comes with validation, property value type casting, events and more.
Set encrypt = true for sensitive data in an Entity. Sensitive data can include personal and financial information.
Don't put sensitive information in Cookie or session, and pass data to the view only if it is required.
For secure services, we recommend implementing the service with token = true.
Uploaded files must be placed outside of your application directory. These files must be validated first, using the Form class. The application must not allow any kind of executable file to be uploaded.
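The two points above about binding user input in queries and not printing user input directly in a view, shown side by side as an added example (this is not code from the framework this page documents; it assumes plain PDO with an in-memory SQLite database and htmlspecialchars, since the page's own query builder and view helpers are not shown here):

```php
<?php
// Added example: a raw query with user input spliced into the SQL string,
// beside the bound-parameter form, plus output escaping for a view.
// Assumes plain PDO + SQLite so it runs stand-alone; in the application
// itself the query builder and Entity class are preferred over raw SQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed sample input, as a form field might carry it.
$userInput = "alice' OR '1'='1";

// UNSAFE: user input concatenated into the SQL text. The quote in the input
// ends the string literal early, so the WHERE clause no longer restricts
// the result to one user.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the value is bound as a parameter, so the database always treats
// it as data and compares the literal string "alice' OR '1'='1".
function findBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output escaping for any view that is not rendered through Twig's
// auto-escaping: every value from the user or the database goes through
// this before it is echoed into HTML.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

printf("unsafe query matched %d row(s)\n", count(findUnsafe($pdo, $userInput)));
printf("bound query matched %d row(s)\n", count(findBound($pdo, $userInput)));
echo escapeForHtml('<b>' . $userInput . '</b>'), "\n";
```

Running it shows the concatenated query matching both users while the bound query matches none, and the escaped output containing no raw HTML tags.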
There are many other security considerations you should follow, but we have listed only the basic ones. Further hardening can be done through remote server configuration and database configuration.
Log each error that occurs within your application.
We recommend using translations for each line and word. Even if your application is meant for only one language, translations remove repetition of the same line or word.
We also recommend using Git, hosted on Bitbucket, as your version control system. This allows many developers to work on the same project at the same time. It also helps with rolling the application back to a previous version and with tracking changes in your application.
To deploy your application to a remote server, use an automated deployment tool such as GitHub webhooks, Bitbucket Pipelines or Jenkins; many other automated deployment tools are available on the internet.