Essential PHP Security

Good book to read for anyone working with PHP.

It started off easy enough, you know, don’t trust input, always escape output, stuff like that. “Yeah, yeah”, I thought, “I learned that in kindergarten”.

But with each chapter, my attitude kind of changed from a “yada, yada” to “hmmmm” to “oops”.

The author doesn’t quite go into great depths of PHP programming, and there are some answers that are somewhat simplified; but with each merciless chapter, he brings up exploit after exploit, asking “did you think about this? and this? you thought about that, didn’t you?”

And you’re left wondering about that particular piece of code you wrote a few months back, because in the back of your head, you know that you didn’t think about that.

I have now resolved never to trust a programmer who hasn’t read at least a few good books about computer security (and can tell me which books he read).

Neither do I trust myself.
