Banshee, the secure PHP framework


Banshee is a PHP website framework that aims to be secure, fast and easy to use. It has a Model-View-Controller architecture (XSLT for the views). Although it was designed to use MySQL as the database, other database applications can be used as well with little effort.

Ready-to-use modules like a forum, photo album, weblog, poll and a guestbook will save web developers a lot of work when creating a new website. Easy-to-use libraries for e-mail, pagination, HTTP requests, database management, images, cryptography and many more are also included.

Most software that can be used to create a website is either a framework or a Content Management System (CMS). The disadvantage of a framework is that building a website with it takes quite some time and work, because it has no ready-to-use interface. The disadvantage of a CMS is that extending its functionality requires quite some knowledge about the CMS (and hacking). Banshee has neither of these disadvantages, as it is more of a hybrid: a framework with CMS functionality and ready-to-use modules. That makes Banshee what we call a Content Management Framework (CMF). We still describe it as a framework because more people are familiar with that term than with CMF.


The main focus of this framework is to be secure. Several techniques have been used to prevent attacks like SQL injection, Cross-Site Scripting and Cross-Site Request Forgery. The framework also takes care of authenticating users in a transparent and secure way.

Since version 1.7, a security auditing script is included to verify that changes made to the framework have not introduced a security bug.

An earlier version of Banshee has been audited by a Dutch IT security company. No issues were found.

Why Banshee?

There are a lot of PHP frameworks available. So why should you choose Banshee? Many frameworks require a lot of documentation reading before you can start using them. While creating Banshee, special attention was given to a structure that is easy to read and understand. Where possible, Banshee creates a transparent layer on top of the default PHP functionality. For example, you can use $_SESSION as you are used to; the Banshee session library takes care of the rest. Of course, documentation for Banshee is available. But to really understand how Banshee works, just start reading public/index.php and everything will be clear. Promise.


You can see an online demo here. There are two users available: 'admin' and 'user'. Both users have the password 'banshee'. You are allowed to test things by changing the content, but please behave.