[nycphp-talk] Book recommendations - security, object-oriented programming
inforequest
1j0lkq002 at sneakemail.com
Thu Jul 6 14:01:05 EDT 2006
Baer, Jon jbaer-at-VillageVoice.com |nyphp dev/internal group use| wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>For 1 I'd highly recommend Chris Shiflett's book Essential PHP Security
>...
>
>http://phpsecurity.org/
>
>There are a few free chapters there ...
>
>For your second question it would probably be worthwhile to check out a
>few open source PHP frameworks like CakePHP or Symfony + look over their
>techniques and hop on the mailing lists and post a few specific
>questions, a good example is the Security component in CakePHP, much of
>your "filtering" and "sanitizing" should be something you should not
>have to code up yourself.
>
>Also a good resource is http://www.owasp.org
>
>- - Jon
>
>
Normally I'd keep out of this cause I'm not a reliable programmer, but I
do need to stay up to speed and since you're looking at object php I
have to second Jon's suggestion of looking at the symfony or cake code
base (I like phpwact... it's just so easy to read). The code is well
documented and many many concerned and opinionated eyeballs contribute
to it. Of course the *discussions* are the textbook.... the code
repository is only a static view of the momentary consensus.
Then again, you wanted to buy a book.
I always liked Wayner's "Translucent Databases" for its different
perspective (read his website and stuff first), John Gall's classic
out-of-print "Systemantics" again for its world view of robustness, and
Shiflett's PHP book because, well, it's THE book to own on PHP security.
It's the only "essential" book I agree is essential.
-=john andrews
http://www.seo-fun.com