PHP is no longer limited to sitting behind a web server like Apache or NGINX waiting for requests to process. Serverless PHP with AWS’s lambda service is now possible. At the same time, you can also write event-driven, asynchronous servers with ReactPHP. In this issue, we take a look at these new ways to use PHP.

Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.