This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL:
http://shiflett.org/php-security.pdf
It's a 55-page PDF that has a lot of information (more than the slides) about some of the more important security topics.
Nice article. Most of the stuff was common sense to me (and I was glad I was doing those things unconsciously). However, I do have an issue with one paragraph:
Page 29,
* Using POST rather than GET in forms.
"Specify POST in the method attribute of your forms. Of course, this isn't appropriate for all your forms, but it is appropriate when a form is performing an action, such as buying stocks. In fact, the HTTP specification requires that GET be considered safe."
Don't you mean "In fact, the HTTP specification requires that POST be considered safe?" Didn't make sense to me when I read it last night.