Andrew Hutchings wrote:
> I prefer prepared statements and would use them all the time if
> it wasn't for the fact that those queries aren't cached until
> recent versions of MySQL 5.1
Use PDO. It emulates prepared statements and doesn't avoid the query cache:
$db->setAttribute(PDO::ATTR_EMULATE_
Andrew Hutchings wrote:
> Avoid the O'Reilly one as it is flawed.
Hollow claims are disrespectful and harmful to professional discourse.
Perhaps you are motivated to persuade others that this is true and will
do so at any cost, even if it means spreading misinformation. I'm aware
of one person who
At 11:23 AM -0400 7/4/07, Andrew Hutchings wrote:
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED](Mark Kelly) wrote:
Hi.
On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote:
Avoid the O'Reilly one as it is flawed.
In what way?
It's written by Chris Shiflett, isn't that enou
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED](Richard Davey) wrote:
> I actually agree with you about Ilia's book, it is the best of the
> three available (the Pro PHP Security one is certainly the worst),
> although there are areas where even Ilia basically shrugs his
> shoulders in the text
Hi Andrew,
Wednesday, July 4, 2007, 8:29:51 PM, you wrote:
> I have no doubt he is a great bloke and a great public speaker / PR
> for PHP application level security, I apologise if it sounded like
> FUDing (why does that sound dirty?). I just don't like / agree with
> his book or some of the se
On Wed, Jul 04, 2007 at 11:36:06AM -0700, bruce wrote:
> andrew...
>
> are you sure about this... i would have thought that if you have an apache
> user 'apache' and allow php to be run as/by 'apache' then this would provide
> complete access to anything php needs to do as 'apache'.
>
> this shou
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED](Richard Davey) wrote:
> Hi Andrew,
>
> Wednesday, July 4, 2007, 4:23:38 PM, you wrote:
>
>>>> Avoid the O'Reilly one as it is flawed.
>>> In what way?
>> It's written by Chris Shiflett, isn't that enough reason?
> No, not really. T
In article
<[EMAIL PROTECTED]>quickshifti
[EMAIL PROTECTED] ("Nathan Nobbe") wrote:
>
> the root user issue aside, i still dedicate a separa
In article
<[EMAIL PROTECTED]>[EMAIL PROTECTED]
("bruce") wrote:
> andrew...
>
> are you sure about this... i would have thought that if you have an
> apache user 'apache' and allow php to be run as/by 'apache' then this
> would provide complete access to anything php needs to do as 'apache'.
the root user issue aside, i still dedicate a separate file in /var/log
for my php apps.
-nathan
On 7/4/07, Andrew Hutchings <[EMAIL PROTECTED]> wrote:
In article
<[EMAIL PROTECTED]>[EMAIL PROTECTED]
("bruce") wrote:
> andrew...
>
> are you sure about this... i would have thought that if yo
'group' for the apache err log
files be accessed by this user...
so.. i ask again.. are you sure about this..
-Original Message-
From: Andrew Hutchings [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 04, 2007 10:39 AM
To: php-general@lists.php.net
Subject: Re: [PHP] Re: php secur
Hi Andrew,
Wednesday, July 4, 2007, 4:23:38 PM, you wrote:
>>> Avoid the O'Reilly one as it is flawed.
>> In what way?
> It's written by Chris Shiflett, isn't that enough reason?
No, not really. The errata are clearly published online, and while you
could argue that some of them shouldn't ha
Andrew Hutchings wrote:
> In article
> <[EMAIL PROTECTED]>quickshift
> [EMAIL PROTECTED] ("Nathan Nobbe") wrote:
>
>>
>
In article
<[EMAIL PROTECTED]>quickshift
[EMAIL PROTECTED] ("Nathan Nobbe") wrote:
>
> this is getting good; i want to kno
this is getting good; i want to know why it's *flawed* now too.
no pressure :)
-nathan
On 7/4/07, Stut <[EMAIL PROTECTED]> wrote:
Andrew Hutchings wrote:
> In article <[EMAIL PROTECTED]>
> [EMAIL PROTECTED](Mark Kelly) wrote:
>
>> Hi.
>>
>> On Wednesday 04 July 2007 13:01, Andrew Hutchings w
Andrew Hutchings wrote:
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED](Mark Kelly) wrote:
Hi.
On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote:
Avoid the O'Reilly one as it is flawed.
In what way?
It's written by Chris Shiflett, isn't that enough reason?
There's no need
On Wed, 2007-07-04 at 11:23 -0400, Andrew Hutchings wrote:
> In article <[EMAIL PROTECTED]>
> [EMAIL PROTECTED](Mark Kelly) wrote:
>
> > Hi.
>
> > On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote:
>
> >> Avoid the O'Reilly one as it is flawed.
>
> > In what way?
>
> It's written by
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED](Mark Kelly) wrote:
> Hi.
>
> On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote:
>
>> Avoid the O'Reilly one as it is flawed.
> In what way?
It's written by Chris Shiflett, isn't that enough reason?
--
Andrew Hutchings - LinuxJed
Hi.
On Wednesday 04 July 2007 13:01, Andrew Hutchings wrote:
> Avoid the O'Reilly one as it is flawed.
In what way?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED]("Ross") wrote:
> http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350?initialSearch=1&url=search-alias%3Daps&field-keywords=php+security&Go.x=0&Go.y=0&Go=Go
>
> looking at the top 3 on the list here, personally I quite like the
>