Hi Andrew,

Wednesday, July 4, 2007, 4:23:38 PM, you wrote:

>>>   Avoid the O'Reilly one as it is flawed.

>>  In what way?

> Its written by Chris Shiflett, isn't that enough reason?

No, not really. The errata are clearly published online, and while you
could argue that some of them shouldn't have existed in the text in
the first place, security is such a moveable feast that whatever is
written today will almost surely have changed within a very short period
of time, regardless of the author.

If just one person takes something useful away from his book, that
makes them think "damn yes, I DO allow that in my scripts!", then it
was a worthwhile purchase. He (along with a number of others) have
done a wonderful job of raising the PROFILE of security (or lack
thereof) in PHP applications and the PHP world in general. Before the
likes of him and Steffan started blogging and writing about all the
issues out there it was a piss-poorly covered area that most
developers (*especially* new ones) ignored or were not even aware of.

Even if some of the techniques in the book are now flawed, the profile
and awareness he has generated did nothing to harm the PHP community,
and does not warrant your shit slinging.


Zend Certified Engineer

"Never trust a computer you can't throw out of a window"

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to