[pmwiki-users] PHP - slightly off topic but not really

Jason Frisvold xenophage0 at gmail.com
Mon Nov 27 13:26:43 CST 2006


On 11/27/06, Craige Leeder <craige at internetadvisor.ca> wrote:
> What kind of security does the latter cover, and how in depth? Examples
> maybe?  I've been looking for a new, advanced PHP book to read for a
> while, but I don't want to read over the stuff I already know.

Well, let's see..  The first half of the book is devoted to server
security with a PHP slant.  Some tips on securing PHP itself on the
server.

The real PHP meat is the latter half of the book.  It covers the
normal validation, injection, cross-site scripting, and hijacking
scenarios.  It also covers temp file security, identity validation,
data execution, loss prevention, accountability, and more.  It's a
pretty in-depth book that covers a lot..  (Note, I'm not affiliated in
any way with the authors..  at least, not any way I'm aware of..  I
don't believe I've ever spoken with either of them and I don't work
for the publisher.)

If you're already quite security conscious, then you'll likely have
seen all of this before.  I'm of the opinion that reading additional
books on the subject sometimes provides alternative insights and
definitely helps you keep these concepts at the forefront of your
thinking.

> Oh, and are they PHP 5 or 4? I would prefer something that covers 5's
> features.

PHP 5.  They like to use OO programming a lot.  I'm still kinda stuck
in the 4.x world, but I'm transitioning...

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com



