PHP Security Book Ideas

jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA

PHP Security Book Ideas

Post by jason »

I am getting ready to pitch a book idea for a PHP Security book. I have ideas of what I would like to see in the book, but I am sure you guys have your thoughts on what you would like to see as well.

The book is of course targeting Secure PHP Programming, and will cover all aspects of Security and PHP, including the installation of PHP, SSL security in e-commerce transactions, proper coding techniques for secure PHP applications, proper use of PHP sessions and cookies, a secure php.ini setup, as well as common problems in PHP programs, and how they are solved. I also have an idea for presenting the book in almost a cookbook fashion, like a PHP Security Cookbook sort of thing, but I am not sure.

Anyways, I would like to get your opinion on what you would like to see in such a book.
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY

Post by Stoker »

Shell/System execution security.

E-com and cc-usage is a common task, so probably something about use of GPG and OpenSSL, strong warnings and info on why any type of symmetric cipher use for sensitive info (like CC nums) is insane in a shared-hosting environment as well as an out-of-the-box standard dedicated hosting machine (Me and Eric disagree on a few points here, I'm a bit more paranoid), why private keys should never be anywhere near such a machine nor in any email.

Don't forget stripping of javascript and vbscript in posted data.
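The last point above is the one most often done badly, so here is an added example (it is not code from the thread or from any of its posters) of the two defensive layers a PHP application needs for user-posted text: escaping on output, which is the correct default for any untrusted string placed into HTML, and an allowlist sanitizer for the cases where some markup must be permitted. Blocklisting `<script>` is not enough, because event-handler attributes and `javascript:` or `vbscript:` URLs carry the same payload; the sanitizer therefore keeps only named tags and attributes and only `http(s)` links. The function names, the allowlist contents and the sample input are assumptions chosen for the illustration.

```php
<?php
// Added example, not from the thread. Assumptions: PHP with the DOM extension,
// UTF-8 input, and the small allowlist below (adjust to the application).
declare(strict_types=1);

/** Layer 1: escape an untrusted string for HTML text or a quoted attribute. */
function escapeHtml(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Layer 2: reduce posted HTML to an allowlist of tags and attributes.
 * script/style elements are dropped with their content; other unknown tags are
 * unwrapped (their text survives); on* handlers and non-http(s) URLs are removed.
 */
function sanitizePostedHtml(string $html): string
{
    $allowedTags  = ['p', 'b', 'i', 'a', 'br'];
    $allowedAttrs = ['a' => ['href']];

    $doc = new DOMDocument();
    libxml_use_internal_errors(true);            // tolerate sloppy user markup
    // Wrap the fragment in a container div so it parses as one tree.
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();

    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper is the first div
    cleanNode($root, $allowedTags, $allowedAttrs);

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function cleanNode(DOMNode $node, array $allowedTags, array $allowedAttrs): void
{
    // Work on a snapshot: the live child list is mutated below.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if (!($child instanceof DOMElement)) {
            continue;                               // text/comment nodes are inert here
        }
        // Clean descendants first, so unwrapped children are already safe.
        cleanNode($child, $allowedTags, $allowedAttrs);

        $tag = strtolower($child->tagName);
        if (!in_array($tag, $allowedTags, true)) {
            if ($tag === 'script' || $tag === 'style') {
                $node->removeChild($child);         // active content: drop entirely
            } else {
                while ($child->firstChild) {        // unknown tag: keep its text
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
            }
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, $allowedAttrs[$tag] ?? [], true);
            if ($keep && $name === 'href') {
                // Only absolute http(s) links; rejects javascript:, vbscript:, data:
                $keep = (bool) preg_match('#^https?://#i', trim($attr->value));
            }
            if (!$keep) {
                $child->removeAttribute($attr->name);
            }
        }
    }
}

// Constructed sample input exercising each bypass the blocklist approach misses.
$posted = '<p onclick="alert(1)">Hi <script>alert(1)</script>'
        . '<a href="javascript:alert(1)">x</a> <a href="https://example.com">ok</a></p>';

echo escapeHtml($posted), "\n";          // markup rendered inertly as text
echo sanitizePostedHtml($posted), "\n";  // handler, script and javascript: link removed
```

Use `escapeHtml()` everywhere by default; reach for `sanitizePostedHtml()` only on the fields where rich text is a requirement, and store the sanitized result rather than trusting the sanitizer to be re-run at every output point.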
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Stoker wrote:
Shell/System execution security.

E-com and cc-usage is a common task, so probably something about use of GPG and OpenSSL, strong warnings and info on why any type of symmetric cipher use for sensitive info (like CC nums) is insane in a shared-hosting environment as well as an out-of-the-box standard dedicated hosting machine (Me and Eric disagree on a few points here, I'm a bit more paranoid), why private keys should never be anywhere near such a machine nor in any email.

Don't forget stripping of javascript and vbscript in posted data.
No, I agree with you. The only time symmetric encryption or server-side private keys make sense is on dedicated hosts where the admin knows what s/he is doing and has locked stuff down. I never said my box was an out-of-the-box standard dedicated host :)

Check out the list of topics I was hoping to get into in my security tutorial series for other ideas....