PHP security: not what you think
on Pro PHP Security · Score: 2, Informative
If you work in PHP and you think that cleaning and escaping user input for SQL statements is all there is to writing and deploying secure code, then you are the person who most needs to study this book! I am just finishing up the last couple of chapters myself and I agree with the positive review. I've been writing PHP code for money for a few years, and I picked up so much new information on the first read-through that I believe a second will be in order soon.
The book covers a very wide range of topics, providing good references for further reading where needed AND is just as useful for sysadmins as it is for developers. There is a lot of good stuff about maintaining secure and productive environments for development and production. I especially liked the introduction to using CLI PHP with PCNTL functions to set up an API for securely handling calls to system commands, with queuing, batch processing, etc.
One thing not mentioned in the review is that the book is pretty heavily focused on PHP in the *nix/Apache environment -- if you're running on Windows, say, a lot of the provided details won't apply for you. Still recommended reading though; it's just something to be aware of.
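An added illustration, not taken from the book or from the commenter, of the kind of pattern referred to above: a CLI PHP worker that exposes an allow-listed "API" for system commands rather than letting callers assemble shell strings, and uses PCNTL to run each queued job in a child process. The action names, paths and the sample queue are constructed for the example; it assumes PHP 8 (for str_contains) with the pcntl extension, which is only available in the CLI SAPI.

```php
<?php
// Added example (not from the book or the comment): a minimal CLI worker that
// accepts named actions from a queue, validates the single argument, and runs
// each job in a forked child via PCNTL. Requires the pcntl extension (CLI only).

declare(strict_types=1);

// Allow-list: callers pick an action name; the binary and flags are fixed here.
// Paths are constructed for the example and may differ on a real host.
const ALLOWED = [
    'disk_usage' => ['/usr/bin/du', '-sh'],
    'line_count' => ['/usr/bin/wc', '-l'],
];

// Constructed sample queue: each job names an action and supplies one path.
$queue = [
    ['action' => 'disk_usage', 'arg' => '/tmp'],
    ['action' => 'line_count', 'arg' => '/etc/hostname'],
    ['action' => 'rm_rf',      'arg' => '/'],   // not allow-listed: rejected
    ['action' => 'disk_usage', 'arg' => '/tmp; id'], // shell metachars: quoted, path check fails
];

// Build the command line or return null if the job must be refused.
function buildCommand(string $action, string $arg): ?string
{
    if (!isset(ALLOWED[$action])) {
        return null;                       // unknown action: refuse outright
    }
    // Only absolute paths without traversal or whitespace are accepted.
    if ($arg === '' || $arg[0] !== '/' || str_contains($arg, '..')
        || preg_match('/\s/', $arg) === 1) {
        return null;
    }
    // escapeshellarg() single-quotes every token, so the argument can never
    // be interpreted as additional shell syntax even if the check above changes.
    $parts = array_map('escapeshellarg', [...ALLOWED[$action], $arg]);
    return implode(' ', $parts);
}

// Run one job in a child process and report its exit status from the parent.
function runJob(array $job): void
{
    $cmd = buildCommand($job['action'], $job['arg']);
    if ($cmd === null) {
        fwrite(STDERR, "rejected: {$job['action']} " . var_export($job['arg'], true) . "\n");
        return;
    }
    $pid = pcntl_fork();
    if ($pid === -1) {
        throw new RuntimeException('fork failed');
    }
    if ($pid === 0) {
        // Child: execute the fixed command and exit with its status code.
        passthru($cmd, $status);
        exit($status);
    }
    // Parent: wait for this child before taking the next job (serial batch).
    pcntl_waitpid($pid, $status);
    $code = pcntl_wifexited($status) ? pcntl_wexitstatus($status) : -1;
    fwrite(STDOUT, "{$job['action']} exited with {$code}\n");
}

foreach ($queue as $job) {
    runJob($job);
}
```

Run it as `php worker.php` from a shell; the two allow-listed jobs execute in children, while the unknown action and the argument carrying shell metacharacters are refused before any process is spawned. The point of the design is that the web tier only ever hands over an action name and a validated argument, so the set of commands the system can run is fixed in one place.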