Re: Re[4]: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
epared statements and would use them all the time if it wasn't for the fact that those queries aren't cached until recent versions of MySQL 5.1. Anyway, I'm rambling now ;) -- Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/ Windows is the path to the darkside...Windows l

Re: Re[2]: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
ould also be aware he is not the be all and end all of PHP application level security, and he has made mistakes (as have I and probably everyone else here at some point). If Chris were to re-write into a second edition, then who knows, I may like it. -- Andrew Hutchings - LinuxJedi - http://www

Re: RE: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
er issue aside, i still dedicate a separate file in > /var/log for my php apps. If it is a separate file then that is cool, in fact being in /var/log you could even have it rotate with log_rotate (well you could do that anywhere really, but for completeness...). -- Andrew Hutchings - LinuxJedi - http:

Re: RE: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
' for the apache > err logfiles be accessed by this user... If you do this then it is possible for an apache process using PHP to read the error logs and an abused script could show a potential hacker the layout to your site or other useful information. > so.. i ask ag

[PHP] Re: Re 2D: [ 2CPHP 2D] 2CRe 2D: 2Cphp security books

2007-07-04 Thread Andrew Hutchings
e is not one of them AFAICT. You are entitled to your opinions, and I am entitled to mine. If you believe I am spreading FUD, so be it. But that example _is_ a security flaw. -- Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/ Windows is the path to the darkside...Windows leads to B

Re: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
; this is getting good; i want to know why its *flawed* now too. > > no pressure :) > OK, well, for example page 3 of the book suggests making PHP output errors into Apache's error_log. To do this on Linux it means PHP would have to be run as root. -- Andrew Hutchings - LinuxJ

[PHP] Re: Re 2D: [ 2CPHP 2D] 2CRe 2D: 2Cphp security books

2007-07-04 Thread Andrew Hutchings
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Stut) wrote: > Andrew Hutchings wrote: > > In article <[EMAIL PROTECTED]> > > [EMAIL PROTECTED](Mark Kelly) wrote: > > > >> Hi. > >> > >> On Wednesday 04 July 2007 13:01, Andr

Re: [PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED](Mark Kelly) wrote: > Hi. > > On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote: > >> Avoid the O'Reilly one as it is flawed. > In what way? It's written by Chris Shiflett, isn't that en

[PHP] Re: php security books

2007-07-04 Thread Andrew Hutchings
to read Chris Snyder's one yet but it has the worst amazon rating of the 3. -- Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/ Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Wind

Re: [PHP] Re: how PHP is batter?

2007-07-03 Thread Andrew Hutchings
ave penchant for >> covering marsbars with the stuff and deepfrying them? > The aussies do it too - are we just as crazy as the scots? Didn't we used to ship convicted criminals to Auz? That would explain the craziness ;) -- Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.

[PHP] Re: PHP 4.4.6 Released!

2007-03-01 Thread Andrew Hutchings
se release fixes a crash that wasn't introduced until this release. That's clever ;) Regards Andrew -- Andrew Hutchings - Linux Jedi - http://www.linuxjedi.co.uk/ A-Wing Internet Services - http://www.a-wing.co.uk/ Windows is the path to the darkside...Windows leads to Blue Screen. B