
Pro PHP Security (Pro)

Format: Paperback
Author: Chris Snyder
ReleaseDate: 29 August, 2005
Publisher: Apress

Unless you're already well-versed in the topic ...
Well-organized, well thought out, I won't hesitate to recommend this one. Unless you're already very well-versed in the subject matter, ( sql injection, cross-site scripting, session hijacking, remote execution, sanitizing user data/input, ssh, encryption, ssl, dangers of shared-host scenarios, bulletproofing db installations, user verification, captchas, remote procedure calls ) this material is relatively comprehensive and valuable.


Finally a good book on PHP security issues
This book examines how to set up a secure environment including encryption, hashing, SSL and using PHP to connect to SSL servers. PHP applications written without a concern for security risk cross-site scripting, SQL injection, session hijacking, and a multitude of other potential problems. The authors also examine how to install and configure OpenSSH and using it with PHP applications. Of course they also deal with the usual concerns of user authentication, permissions, restrictions, validating input, preventing SQL injection, preventing cross-site scripting, preventing remote execution (including PHP code injection and embedding), security for temporary files, and preventing session hijacking. Pro PHP Security is written specifically for PHP programmers working in the Apache, MySQL, and PHP 5 environment and is highly recommended.


Good information with lots of links to additional resources
It's easy to read and it's organized well so you can find what you're looking for. This book is great because it's thorough and on each topic it gives lots of links to additional resources.

One of the main things I appreciate about this book is that it gives just the right amount of information. It focuses on practical usage of security techniques but I also like to know the high-level picture of how and why things got to be the way they are. This book tells me exactly what I want to know. A good example is the section on hashing and encryption. It gives some simplified examples of how the algorithms work and talks about where they came from, which ones are better and why, and how to use them. But it doesn't dive too deeply into encryption theory which would only be interesting to someone wanting to code an encryption routine.

Some of the interesting things I learned from this book are:

1) I learned about the various hashing and encryption algorithms. Which ones are good and just how good are they. Before reading this book I couldn't have told you which is better between md5 and sha1.

2) I learned all about protecting against cross-site scripting and sql injection. I thought I had already taken enough precautions on my latest website, MarsBookmark.com, but this section pointed out some attacks I wasn't aware of. It also had links to sites with sample hack attacks you can run against your own website to see if it's vulnerable.

3) I learned how to do captcha screening to make sure people registering for my site are real humans and not robots (I haven't actually implemented this yet but I will soon). The book also pointed out something I never thought of - a hacker with a popular site can proxy registrations from your site to real people trying to register on his site and defeat your captcha by tricking people who think they are answering a captcha for his site. As usual, the author provides lots of links to other sites for more resources on captcha.

I've never before focused on security as much as I should have. Probably because all the information was not readily available in a single easy-to-digest book until this one. I'm really glad I found this book.


