I am getting ready to pitch a book idea for a PHP Security book. I have ideas of what I would like to see in the book, but I am sure you guys have your thoughts on what you would like to see as well.
The book is of course targeting Secure PHP Programming, and will cover all aspects of Security and PHP, including the installation of PHP, SSL security in e-commerce transactions, proper coding techniques for secure PHP applications, proper use of PHP sessions and cookies, a secure php.ini setup, as well as common problems in PHP programs and how they are solved. I also have an idea for presenting the book in almost a cookbook fashion, like a PHP Security Cookbook sort of thing, but I'm not sure.
Anyways, I would like to get your opinion on what you would like to see in such a book.
PHP Security Book Ideas
Shell/System execution security.
E-com and CC usage is a common task, so probably something about use of GPG and OpenSSL, strong warnings and info on why any type of symmetric cipher use for sensitive info (like CC numbers) is insane in a shared-hosting environment as well as on an out-of-the-box standard dedicated hosting machine (Eric and I disagree on a few points here, I'm a bit more paranoid), and why private keys should never be anywhere near such a machine nor in any email.
Don't forget stripping of javascript and vbscript in posted data.
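An added PHP example (not code from either poster) for the two application-side points in the post above: running a system command with user input, and handling script fragments in posted data. The function names, the allow-list regex and the sample POST data are my own constructions; the example escapes on output rather than stripping tags, which is the more reliable way to get the effect the post asks for.

```php
<?php
declare(strict_types=1);

// Constructed sample of a hostile form submission (assumption, not real traffic).
$posted = [
    'host'    => 'example.com; cat /etc/passwd',
    'comment' => '<script>alert(1)</script><img src=x onerror="alert(2)">',
];

// --- Shell/system execution --------------------------------------------
// Build a command from user input: allow-list the value first, then quote it
// with escapeshellarg() so it can only ever be a single argument. Returns null
// when validation fails; the caller must not run anything in that case.
function buildLookupCommand(string $host): ?string
{
    // Hostname characters only, length bounded; ';', spaces, quotes all fail.
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        return null;
    }
    return 'host ' . escapeshellarg($host);
}

// The pattern the thread warns about, kept only as a comment:
//   shell_exec('host ' . $_POST['host']);   // ';' lets the user append commands

// --- Script in posted data ---------------------------------------------
// Instead of trying to strip <script>/vbscript fragments (tag filters miss
// variants such as event-handler attributes), store the text as-is and
// escape it on output so the browser renders it literally.
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$cmd = buildLookupCommand($posted['host']);
if ($cmd === null) {
    echo "host value rejected by allow-list\n";
} else {
    echo 'would run: ' . $cmd . "\n";
}

// Both the <script> element and the onerror attribute come out as inert text.
echo '<p>' . escapeForHtml($posted['comment']) . "</p>\n";
```

The allow-list does the real work for the shell case; `escapeshellarg()` is the second line of defence for values that pass it. For posted text, escaping at the point of output means the stored data can contain anything and still be displayed safely, and the same function is applied regardless of what a filter might have missed on the way in.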
Stoker wrote:
Shell/System execution security.
E-com and CC usage is a common task, so probably something about use of GPG and OpenSSL, strong warnings and info on why any type of symmetric cipher use for sensitive info (like CC numbers) is insane in a shared-hosting environment as well as on an out-of-the-box standard dedicated hosting machine (Eric and I disagree on a few points here, I'm a bit more paranoid), and why private keys should never be anywhere near such a machine nor in any email.
Don't forget stripping of javascript and vbscript in posted data.

No, I agree with you. The only time symmetric encryption or server-side private keys make sense is on dedicated hosts where the admin knows what s/he is doing and has locked stuff down. I never said my box was an out-of-box standard dedicated host.
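The separation both posters agree on (the web server encrypts with a public key; the matching private key exists only on another machine) can be shown with PHP's OpenSSL binding. This is an added example, not code from either poster: `sealForOffline()` and `openOffline()` are my names, the envelope layout is my own, and the key pair is generated inline only so the script runs stand-alone. In real use the key pair is generated on the offline machine and only the public half is copied to the server.

```php
<?php
declare(strict_types=1);

// Web-server side: only the PUBLIC key is on disk here. The returned envelope
// can be stored or forwarded; nothing on this host is able to open it.
function sealForOffline(string $plaintext, string $publicKeyPem): array
{
    $pub = openssl_pkey_get_public($publicKeyPem);
    if ($pub === false) {
        throw new RuntimeException('bad public key: ' . openssl_error_string());
    }
    $sealed  = '';
    $envKeys = [];
    $iv      = '';
    // openssl_seal() is hybrid encryption: a fresh random AES key encrypts the
    // data and the RSA public key wraps that AES key.
    $n = openssl_seal($plaintext, $sealed, $envKeys, [$pub], 'aes-256-cbc', $iv);
    if ($n === false) {
        throw new RuntimeException('seal failed: ' . openssl_error_string());
    }
    return [
        'ciphertext'  => base64_encode($sealed),
        'wrapped_key' => base64_encode($envKeys[0]),
        'iv'          => base64_encode($iv),
    ];
}

// Offline side: the only place the PRIVATE key is ever loaded.
function openOffline(array $envelope, string $privateKeyPem): string
{
    $priv = openssl_pkey_get_private($privateKeyPem);
    if ($priv === false) {
        throw new RuntimeException('bad private key: ' . openssl_error_string());
    }
    $plain = '';
    $ok = openssl_open(
        base64_decode($envelope['ciphertext'], true),
        $plain,
        base64_decode($envelope['wrapped_key'], true),
        $priv,
        'aes-256-cbc',
        base64_decode($envelope['iv'], true)
    );
    if ($ok === false) {
        throw new RuntimeException('open failed: ' . openssl_error_string());
    }
    return $plain;
}

// Demo only: key pair generated here so the script is self-contained
// (constructed). In practice it is generated offline; only $pubPem is deployed.
$kp = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($kp === false || !openssl_pkey_export($kp, $privPem)) {
    throw new RuntimeException('keygen failed: ' . openssl_error_string());
}
$pubPem = openssl_pkey_get_details($kp)['key'];

$secret   = 'constructed-sample-card-data';   // placeholder, not a real number
$envelope = sealForOffline($secret, $pubPem);       // what the web server does
$recovered = openOffline($envelope, $privPem);      // what the offline box does

echo $recovered === $secret ? "round trip ok\n" : "round trip FAILED\n";
```

The point the thread makes is in the split between the two functions: a compromise of the web server yields the public key and the envelopes, neither of which decrypts anything. A symmetric key or the private key stored on that same server would remove that property, which is why the posters reserve it for a locked-down dedicated host and rule it out on shared hosting.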
Check out the list of topics I was hoping to get into in my security tutorial series for other ideas....