Essential PHP Security, by Chris Shiflett. Published by O'Reilly.
I have a lot of respect for Chris, the author of this book, so much so that I pre-ordered this book after first hearing about it on his blog. I couldn't help but think to myself "finally, a non-beginner PHP book that'll teach me all sorts of cool hacks! I can't wait to find out how vulnerable my personal website is so I can have an excuse to start working on it again!" After reading, I can't decide if I am disappointed or flattered... In other words, should I be disappointed that I really only learned ONE thing, or should I be flattered that I am apparently a very security-conscious individual? Any PHP book you buy will tell you "don't trust user input", and Chris' book basically seems to say the same thing, only in a much longer, in-depth explanation as to why, with examples provided. All of the information provided in the book is good, definitely "must know" information for any serious web developer, but it wasn't really ground-breaking in terms of other books already on the market, as I expected it would be. The only things I really learned were how to spoof an HTTP_REFERER, and a slight variation on an SQL injection attack. Overall I don't feel that my personal website needs a single update to prevent any of the attacks described in the book. Since I know not everyone is as uber 1337 as me, I'd recommend checking this book out. At 8 chapters and a total of 109 pages I don't think it's worth the $29.95 (US) / $41.95 (CAN), although I've seen enough vulnerable applications to know that this book will mean a lot to a lot of people.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.