Hi Andrew,

Wednesday, July 4, 2007, 8:29:51 PM, you wrote:

> I have no doubt he is a great bloke and a great public speaker / PR
> for PHP application level security, I apologise if it sounded like
> FUDing (why does that sound dirty?).  I just don't like / agree with
> his book or some of the security articles he wrote (again, I haven't
> read them in quite a while).  I think Ilia's book is a lot better.

Fair enough. This wasn't actually obvious from your one-sentence,
personally directed comment my reply was based upon.

I actually agree with you about Ilia's book, it is the best of the
three available (the Pro PHP Security one is certainly the worst),
although there are areas where even Ilia basically shrugs his
shoulders in the text and says "you can never have it 100%" and sort
of gives up on you :)

All three books are now well behind the times though imho.

> I also agree that awareness is no bad thing, but people should also
> be aware he is not the be all and end all of PHP application level
> security, and he has made mistakes (as have I and probably everyone
> else here at some point).

Sure, no-one is perfect :) I remember asking him years ago why he
wanted to concentrate on PHP Security explicitly, and his response was
simply that he wished he didn't have to, but no-one else was, and
ultimately in his ideal world PHP would be secure enough 'out of the
box' that he need not have to focus at all.

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
