[PHP] Surge 2011 CFP Deadline Extended

2011-04-08 Thread Katherine Jeschke
OmniTI is pleased to announce that the CFP deadline for Surge 2011, the
Scalability and Performance Conference, (Baltimore: Sept 28-30, 2011) has
been extended to 23:59:59 EDT, April 17, 2011. The event focuses upon case
studies that demonstrate successes (and failures) in Web applications and
Internet architectures. New this year: Hack Day and Unconference on
September 28th.

For information about topics: http://omniti.com/surge/2011. Get inspired by
the 2010 sessions, now online at (http://omniti.com/surge/2010)

2010 attendees compared Surge to the early days of Velocity, and our
speakers received 3.5-4 out of 4 stars for quality of presentation and
quality of content! Nearly 90% of first-year attendees are planning to come
again in 2011.

For more information about the CFP or sponsorship of the event, please
contact us: surge (AT) omniti (DOT) com.


-- 
Katherine Jeschke
Marketing Director
OmniTI Computer Consulting, Inc.
7070 Samuel Morse Drive, Ste.150
Columbia, MD 21046
O: 410/872-4910, 222
C: 443/643-6140
omniti.com
circonus.com


[PHP] Security Question

2011-04-08 Thread nighthawk1256
hey guys/girls,

what's the best way to learn about security in php?




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Security Question

2011-04-08 Thread Jay Blanchard
[snip]
what's the best way to learn about security in php?
[/snip]

Study, study, study!

Chris Shiflett is a recognized expert on PHP security -
http://shiflett.org/

He has a great book on PHP Security -
http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20
 




RE: [PHP] Security Question

2011-04-08 Thread Alex Nikitin
Best way to learn about security of something is to learn how to break it...

On Apr 8, 2011 3:55 PM, Jay Blanchard jblanch...@pocket.com wrote:

 [snip]
 what's the best way to learn about security in php?
 [/snip]

 Study, study, study!

 Chris Shiflett is a recognized expert on PHP security -
 http://shiflett.org/

 He has a great book on PHP Security -
 http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20





Re: [PHP] Security Question

2011-04-08 Thread Adam Richardson
On Fri, Apr 8, 2011 at 3:24 PM, nighthawk1256 er...@ns.sympatico.ca wrote:

 hey guys/girls,

 what's the best way to learn about security in php?


Here are some relevant topics to consider:

   - Validate input (only accept what you're expecting, via GET, POST, and
   COOKIE, and don't try to fix an invalid value, throw it out.)
   - Use prepared statements (PDO makes this easy and generalizes quite well
   across popular DB's.)
   - Only give the bare minimum permissions required to accomplish a task
   (e.g., I usually have one SQL user account for reads, and one that allows
   for reads and writes.)
   - When errors occur, don't leak important system information to your
   users.
   - Hash passwords (with a salt) that are stored so you're never storing
   the literal value.
   - If you use an authentication system that's implemented with cookies
   (sessions-based or custom), all requests should run over https instead of
   http.
   - Escape output according to context (html, attribute, or url.)

If you google the above topics, you'll find some great sites/blogs that
address these topics in detail.

Adam

P.S. - Or, you can just use my one-file web framework which helps you
automatically address all but the https issue above :) Sorry, it's a Friday
so I couldn't resist the shameless plug.

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
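
Several items from the checklist above (input validation, PDO prepared statements, salted password hashes, errors that do not leak internals, output escaping) combined in one script. This is an added example, not code from the post or from Nephtali; the table, helper names and sample inputs are constructed, and it assumes PHP 7.1+ with the pdo_sqlite extension. Least-privilege database accounts and HTTPS are deployment settings and are not shown.

```php
<?php
// Added example: constructed schema and inputs, not from the original post.
declare(strict_types=1);

// In-memory SQLite so the example runs offline; errors raise exceptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Validate input: accept only the expected shape, otherwise throw it out.
function valid_username($raw): ?string
{
    return (is_string($raw) && preg_match('/\A[a-z0-9_]{3,20}\z/', $raw) === 1) ? $raw : null;
}

// Hash passwords with a salt (password_hash generates one per password).
function register(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Prepared statement: the value is bound, never concatenated into the SQL.
function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// Escape output for the HTML body and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

register($db, 'alice', 'correct horse battery staple');

// Constructed request values, standing in for $_POST['user'].
foreach (['alice', "alice' OR '1'='1", '<script>alert(1)</script>'] as $raw) {
    $name = valid_username($raw);
    try {
        $ok = $name !== null && login($db, $name, 'correct horse battery staple');
        echo h($raw), ' => ', $ok ? 'logged in' : 'rejected', PHP_EOL;
    } catch (PDOException $e) {
        error_log($e->getMessage());           // details go to the server log
        echo 'Something went wrong.', PHP_EOL; // nothing internal reaches the user
    }
}
```

The two malformed values are rejected by validation before any query runs, and they are echoed only after escaping.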


[PHP] pick a card, any card...

2011-04-08 Thread Kirk Bailey
In other words, the entire idea of picking one of N objects, whatever 
they are - strings, numbers, gummybears, lined up in a listing, and 
return the one item selected. This seems a common enough function 
there should be a simple way to do it already in php. HOWEVER, I 
ain't findin' it that way, no sir/maam/other.
Maybe I am missing the obvious SIMPLE way to get the job done. So if 
we have a listing of foo's, we can title this $listing, and we want 
1 of them to be returned, we should see something like:

randmember($listing)
and if the listing was A,B,C,D,F
and it defaulted to return one of them, a valid return would be C 
for example.
php does not seem to have a function in it, or loadable into it, to 
accomplish this; I have to write some long-winded and complex thing 
to get the job done, and that's a bloody shame.


Any discussion?

--
end

Very Truly yours,
 - Kirk Bailey,
   Largo Florida

   kniht
  +-+
  | BOX |
  +-+
   think





Re: [PHP] pick a card, any card...

2011-04-08 Thread Scotty Logan
On Apr 8, 2011, at 8:20 PM, Kirk Bailey wrote:
 in otherwords, the entire idea of picking one of N objects, whatever they 
 are- strings, numbers, gummybears, lined up in a listing, and return the one 
 item selected. This seems a common enough function there should be a simple 
 way to do it already in php. HOWEVER, I ain't findin' it that way, no 
 sir/maam/other.
 Maybe I am missing the obvious SIMPLE way to get the job done. So if we have 
 a listing of foo's, we can title this $listing, and we want 1 of them to be 
 returned, we should see something like:
 randmember($listing)

array_rand() - it's already built-in - 
http://php.net/manual/en/function.array-rand.php

  Scotty

 

