The following was supposed to be a comment to the Nettuts+ article published recently entitled Creating a Crypter Class with PHP. The powers that be over there seem not to want to moderate the comment so I’ll publish it here and hopefully the trackback will connect things together. The comment is after the fold and it would make sense to perhaps at least scan over Christian’s article before reading my comments.
Original Comment (#112314)
Hi Christian, thank you for the article. I would like to share a few comments if I may.
You seem to create the interface (ICrypter) almost without considering why an interface might be necessary. The article skirts around the reasons why an interface might be handy, instead preferring to mention that any class which implements a given interface must adhere to it (other than, “there will be an error!”). It is far outside the realm of a simple blog comment to delve into this subject so I can only suggest that readers take it upon themselves to build their own understanding of interfaces in general and in PHP. There is a lot of great information out there (for a recent insight into the subject, see http://www.brandonsavage.net/why-interfaces-rock/ ).
The article doesn’t state anywhere (though it will be mightily obvious when a reader tries to use the code) that MCrypt is required. Readers, see http://php.net/mcrypt.requirements and http://mcrypt.sourceforge.net/
With regards to the list of “supported algorithms from php.net” it would have been nice to have a source cited for reference. See http://php.net/mcrypt.ciphers
The remarks about Base64 encoding/decoding values seem a little odd. Why would you automatically want to do this? Your argument is that the encrypted value might not be URL-safe but that is only an issue if the encrypted value is being placed in a URL. If you do need to use the encrypted value in a URL then it would make more sense to encode the value only when it needs to be. Base64 is not the only available option for making such a value URL-safe (the functions urlencode and http_build_query to name a few).
It also puzzles me that you use the trim function on the Base64-encoded value since there will not be any whitespace present to be trimmed! The same goes for trimming the decrypted value since there may be important whitespace which really should not be trimmed.
The article itself does not allude to why this helper class might be useful. Your comments state there will be a follow-up article with a more practical demonstration but surely it would have been nice to include a very brief situation and code example where this type of encryption/decryption is of particular benefit.
I guess that is enough writing for a blog comment! Congratulations on publishing your first article on Nettuts+ and I look forward to your next ones.
The above is my comment, copied verbatim (with the links manually added since WordPress didn’t want to do that). Someone probably just missed my comment in the queue, so whether it appears on the Nettuts+ site or not remains to be seen. Either way the full comment is available here for reference.
Edit: between publishing this (at 8:22pm) and now (10:45pm) the comment got approved and is up on the Nettuts+ website. Guess I was just slightly too quick out of the blocks in republishing it here.
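To make the Base64 and trim points from the comment concrete, here is an added example (not code from the Nettuts+ article or from the original comment). It assumes PHP's openssl extension with AES-256-GCM in place of the article's MCrypt calls, and the helper names `encryptRaw` and `decryptRaw` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the article's ICrypter/Crypter code.
// AES-256-GCM via openssl is an assumption, swapped in for the article's MCrypt.
function encryptRaw(string $plain, string $key): string
{
    $iv = random_bytes(12); // 96-bit GCM nonce, fresh for every message
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct; // raw binary: nonce | 16-byte tag | ciphertext
}

function decryptRaw(string $blob, string $key): string
{
    $iv  = substr($blob, 0, 12);
    $tag = substr($blob, 12, 16);
    $ct  = substr($blob, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('decryption or authentication failed');
    }
    return $plain; // returned byte for byte, with no trim()
}

$key     = random_bytes(32);     // constructed sample key
$message = "  indented line\n";  // constructed sample: the whitespace is part of the data

// The crypter returns raw bytes; a file or BLOB column can store them as they are.
$blob = encryptRaw($message, $key);

// Encode only at the URL boundary. http_build_query percent-encodes the
// '+', '/' and '=' characters that standard Base64 output can contain.
$query = http_build_query(['token' => base64_encode($blob)]);

// What the receiving script would see after PHP parses the query string.
parse_str($query, $params);
$roundTrip = decryptRaw(base64_decode($params['token'], true), $key);

// First check: the untrimmed plaintext against the original.
var_dump($roundTrip === $message);
// Second check: the same plaintext after trim(), which strips the leading
// spaces and the trailing newline.
var_dump(trim($roundTrip) === $message);
// Third check: Base64 output before and after trim(); base64_encode emits no whitespace.
var_dump(trim(base64_encode($blob)) === base64_encode($blob));
```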