Speaker Highlights: Ilia Alshanetsky


In a series of short interviews in the weeks before BulgariaPHP we’ll introduce some of the speakers you’ll have a chance to meet at the event.

Ilia Alshanetsky is a CTO at Centah Inc., a company specializing in providing solutions for the retail industry. Over the last 10 years he has been heavily involved in development of PHP, as a Core Developer and Release Master, authoring many extensions and language improvements, inlcuding one of the most popular and widely used debugging tools Xdebug. Ilia is also interested in security and performance, and frequently is writing or speaking on these and other PHP related topics. In his spare time he pretends to be a pro-photographer and engages in various sports. Read on to find out how he got into contributing, whether we should expect a new book from him and what the major changes for the past decade have been 🙂

How did you become so involved in open source projects and why did you decide to be contributor for PHP?

I became involved in Open Source project somewhat by accident. I was finding myself working on solving various problems using Open Source technologies and coming across various limitations that would prevent me from being able to do what I needed. So often enough I would look into the source code and make changes and contributions to the project to add the missing features, correct bugs, etc…

Can you tell us more about Xdebug?

I’ve done little work on X-debug, my main contribution was the creation of the original profiler cause I wanted to use Xdebug to profile my code and nothing at the time was able to do so. My initial efforts were sufficiently interesting that there after Derick had continued to work on my humble starting point and make the profiler into what it is today.

Do you plan a new edition of your book php|architect’s Guide to PHP Security or it is still up to date? What do you plan to include in it?

At the moment I don’t have the time to contemplate the version 2 of the book. Many of the issues identified are still current and relevant, but since the book was written many new security concerns were identified.

What has changed over the past 10 years that is worth writing about?

I think I would definitely spend sometime talking about the current OWASP Top-10 list, authentication security, correct mechanism for session expiry, back-end validation rules inside models, etc…