On Jun 29, 2011, at 1:45 PM, Ferenc Kovacs wrote:

> On Wed, Jun 29, 2011 at 10:27 PM, Anthony Ferrara <ircmax...@gmail.com> wrote:
>> Tyrael,
>>
>> I'd be all for such an effort. Either copying existing documentation
>> (that's not on docs), or expanding the current docs as needed.
>>
>> Where do we start?
>>
>> Anthony
>>
>
> I think the first step would be to create a Table of contents to see
> what do we want to put together (this could go to the wiki), and how to
> categorize it.
> We should also figure out how to merge that with the currently
> available security docs (http://php.net/manual/en/security.php), and
> start adding the missing pieces to the docs.
> I'm also curious what others think about this idea.

The wiki will work great for sketching out the TOC. And it's a wonderful idea to take security seriously so let's focus and move on this. Granted it will be off-topic at times (not directly about PHP) but that's okay, because our main target audience needs it. Most people on #php.doc agree.

This also includes 'best practices' which, for example, will teach people about why/when/how to use prepared statements using the likes of PDO and mysqli. And in that case, several manual pages (e.g., mysql_query()) will link to it and probably include a brief <note>.

PHP 5.4 is removing directives like register_globals, safe_mode and maybe magical quotes, so let's also cover these. And in the meantime, people should feel free to update the current security documentation in SVN.

Regards,
Philip