PHP Security Collection
By John Coggeshall, Clancy Malcolm
April 2004
Pages: 25
Format: PDF
ISBN 10: 0-596-00741-8 | ISBN 13: 9780596007416
PDF description
This collection of articles from the PHP Dev Center on ONLamp.com examines security issues with PHP. John Coggeshall, the PHP Foundations columnist, explores the techniques crackers might use to exploit your site and demonstrates not only how to thwart those attacks but how to think preventatively. Clancy Malcolm, an experienced open source consultant and developer, presents ten practical techniques to make sure your code and sites are secure.
Full Description
The nice thing about the Internet is that anyone can access your web site. This can also be a drawback. PHP (and the other components of LAMP) make it very easy to produce a functional, useful website.
Of course, "easy" and "secure" are orthogonal concepts.
If you care about your data or your customers' data, you need to think about security. How can you keep out the bad guys? How can you prevent and, if needed, recover from errors? How will you know if things are working correctly or if someone is snooping around in the dark corners of your site?
This collection of articles from the PHP Dev Center on ONLamp.com answers these questions and more. John Coggeshall, the PHP Foundations columnist, explores the techniques crackers might use to exploit your site and demonstrates not only how to thwart those attacks but how to think preventatively. Clancy Malcolm, an experienced open source consultant and developer, presents ten practical techniques to make sure your code and sites are secure.
Security is a process and, unfortunately, often a race through dark places. You don't know who's out there and what they know. You can, however, be confident that you've minimized your risks. This collection will help.
Featured customer reviews
PHP Security Collection, November 25 2006
Submitted by Frederick J Eccher Jr
PHP Security Collection
By John Coggeshall, Clancy Malcolm
PDF Price: $5.95 USD First Edition: April 2004
Format: PDF ISBN: 0-596-00741-8
Pages: 25
Description: This collection of articles from the PHP Dev Center on ONLamp.com examines security issues with PHP. John Coggeshall, the PHP Foundations columnist, explores the techniques crackers might use to exploit your site and demonstrates not only how to thwart those attacks but how to think to preventatively. Clancy Malcolm, an experienced open source consultant and developer, presents ten practical techniques to make sure your code and sites are secure.
Everything is true in the description above. The PHP Security Collection is one of many keys to PHP Security. It is a good way to improve security experience of beginners to experts. Even experts should consider the price a steal if their security collection is to be thorough.
A number of the learning issues are explained in a series of good examples. I think it is important to develop code in general using the same thought processes the authors use.
My experience agreed with almost everything written. I am a member of a user group with a specialty in security. We work with concepts and code like this every month. Most members are developers and deal with this every working day. I appreciate the short and sweet code and explanation[s].
The topics start with an introduction on “Programming in Public”. This quote: “Of course, “easy” and “secure” are orthogonal concepts.” threw me right away. In linear algebra, my teacher made certain I knew what orthogonal meant. I did a web search and the definition remains the same: Independent in the sense of right angles. Here is one slightly different definition related to language and not math: Definition of orthogonality—[1] Informally, a collection of language features is orthogonal if they are independent; [2] That is, features are orthogonal if no feature is a consequence of any one of the other features; [3] Formally, a collection of features is orthogonal if for every subset, there is a language that possesses that subset of features and no features in the complementary subset.
Source: 1998 Edward F. Gehringer CSC 517/ECE 517 Lecture Notes, Spring 1998
Here is another slightly different definition:
“the property of an experimental design that ensures [one] factor can be evaluated without confounding the effects on the response.”
Source: http://www.gpsqtc.com/library/mnopq.shtml
Ease and secure are not orthogonal concepts. They are not independent in the sense of secure web sites or applications. Let’s skip this one and move on to: “Security is a process and, unfortunately, a race through dark places.” This is not exactly right on either. It is a process. It should not be a race. It should not take the developer through dark places. All right, all right, probably just poetic license trying to see how many people actually read introductions.
The 5 chapters are written clearly. I like that about this book. No long-winded explanations of useless trivia here. Get right to the point and stay there. The code is clear and helps in understanding the issues presented by the authors. Some of the points needed more code. In “What to look for” on page 4 of 25, ‘file’ has enough of a coded explanation but ‘readfile’, ‘fopen’, ‘include’, and ‘require’ do not. Having a little more code would help beginners who might not know where to go to figure out what to do when what to look for returns a positive result.
The topics are useful and helpful in just about any language. They are specific to PHP in a few instances, but most are general issues that need to be taken care of with any programming language. On page 11, “Beyond the Code – A strong security design” might have been a little too brief. Three bullet points will not scratch the surface of a strong security design. I would have dropped that section entirely.
When I read the first sentence in PHP Security, Part 1, I knew something was up. I searched for the article and found this: “In my last two columns (Common Style Mistakes, part one and Common Style Mistakes, part two), I discussed some common bad practices to avoid when writing PHP scripts which can make them more difficult to read and more prone to bugs.” So in the third chapter of the book, a generic reference to what looks like the previous two chapters is really to two other articles. HMMMMMMMMM….
I thought the discriminations made about the PHP error model, messages, and caveats were very important. Custom error handlers are an interesting set of issues with a bit of good code for explanation. This is valuable knowledge worth your time to read and digest as thoroughly as possible.
The book is in .PDF format. I like that feature. You can buy this online through the O’Reilly shopping cart and then download it.
The 25+ pages were easy to read and understand. I read it in one evening. There were a few typos and grammar errors, but not very many. The book is for someone who is a little more than a beginner. More experienced people should look it over to make sure they are up to speed with these authors.
I would give this book 4 out of 5 stars. I recommend this book for everyone starting with a journeyman [more than a complete beginner] and moving through the rest of the ranks of experience. Since it is such a quick and easy read, you might be missing something unless you check your knowledge against these experts.
Frederick J Eccher Jr November 25, 2006
MBA
M.S. Management of Information Systems
A.B. Psychology
B.A. Biology
President, Board of Directors, Saint Louis Visual Basic Users Group
rick@stlvbug.net