When do you add security to your apps?

When building a new php application do you create the security functions, validation etc at the same time as the functionality, or do you add it once you have the basic of the app working?

I created some very effective security functions, which seem to be slowing down development/testing. Wondering how others deal with this.
Stephen ForlanceAsked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
Security and validation pretty much must be built into the functions.  It is difficult to add it back in.  But just like anti-virus, it will slow things down.  Maybe you're 'overdoing' it.
0
 
Ray PaseurConnect With a Mentor Commented:
You might want to show us the code that is slowing things down.  We might be able to spot the issues.  Please include your test case information, so we can replicate your test environment and see the slowdown in action.

You might consider using the Laravel framework.  It will handle validation and security for you, with state-of-the-art processes that will not slow you down.

If you've created effective security functions, but wonder about performance, you might want to post them on GitHub and ask the open-source community to have a look, fork, send pull requests, etc.
0
 
Scott Fell, EE MVEConnect With a Mentor Developer & EE ModeratorCommented:
I would say it depends.  

I like to add log in from the start because many functions rely on logged in state (at least for what I work on).  But when I am creating a new page that may be more complex, I may create a single page with only my raw server side code.  Once I am happy with my logic, I add a new page and incorporate what I created in my test page.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.