PHP Architects Guide to PHP Security Ebook
Name: PHP Architects Guide to PHP Security | Type: PDF | Size: 864
Well, first of all, this book weighs in at just under 200 pages. Although I don't use page counts as an indication of quality, I do use them as a gauge of how much "fluff" a book is likely to contain. I consider book fluff to be all of those early preamble chapters that the majority of us just skip over in our bid to get to the real meat. Thankfully Ilia is merciful in this respect, and other than a quick foreword by Rasmus Lerdorf and a brief introduction we are straight into the good stuff from as early as page 21.
The book is split into 10 chapters, starting with Input Validation. As you may well expect, this is kicked off with a good summary of the Register Globals issue. Rather than just say "it's bad, don't use it", Ilia actually goes into depth to explain how it works, what happens when your variables collide, and gives a good example of accidental misuse. Rather than leave it at this, we're then walked through various alternatives, with the pros and cons of each explained. Although the Register Globals issue is the one we're all most familiar with, the attention to detail given in its coverage and technical explanation sets the tone for the rest of the book.
Validating Input is then covered, and it's nice to see the book appreciate the difference that a locale can have on PHP's built-in functions. The example given shows how is_numeric("1,23") would return false (because of the comma after the 1), yet this is a perfectly valid form of decimal notation in countries such as Germany and France. Sadly Ilia doesn't actually give you a solution for this problem, he just mentions it, but now that it has been brought to the front of your mind, you can at least cater for it. The Input Validation tips continue to flow, as it moves swiftly across string validation, content size validation, white list validation, File Uploads, Configuration settings, File Input, File Content validation, Accessing Uploaded data, file size, magic quotes, serialized data and external resource validation.
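One way to cater for the is_numeric() locale problem the review mentions, as an added example that is not code from the book or the review: a white list validator that accepts both "1.23" and the German/French "1,23" while still rejecting everything else. The function name and the exact accepted format are my own choices.

```php
<?php
// Added example (not from the book or the review): a whitelist validator for
// decimal input that accepts both "1.23" and "1,23", which is_numeric() rejects.
// parse_decimal_input() and its accepted format are assumptions of this example.

/**
 * Validate a user-supplied decimal string against a strict whitelist pattern
 * and return it as a float, or null if it does not match.
 *
 * Accepts: optional sign, digits, optionally one decimal separator ('.' or ',')
 * followed by digits. Rejects thousands separators, exponents, hex notation,
 * surrounding whitespace and anything else, rather than trying to "fix" them.
 */
function parse_decimal_input(string $input): ?float
{
    // Strict whitelist. The /D modifier stops '$' from matching before a
    // trailing newline, so "1.23\n" is rejected as well.
    if (!preg_match('/^[+-]?\d+(?:[.,]\d+)?$/D', $input)) {
        return null;
    }
    // Normalise the comma to a dot before conversion so the result does not
    // depend on the process's LC_NUMERIC setting or on is_numeric().
    $normalised = str_replace(',', '.', $input);
    return (float) $normalised;
}

// Constructed sample inputs showing what is accepted and what is rejected.
$samples = ['1.23', '1,23', '-42', '1,234.56', '1e3', ' 7 ', '0x1A', 'abc', ''];
foreach ($samples as $s) {
    $v = parse_decimal_input($s);
    printf("%-12s => %s\n", var_export($s, true), $v === null ? 'rejected' : $v);
}
```

Inputs such as "1,234.56" are deliberately rejected rather than guessed at, because a string with both separators is ambiguous between locales.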
Don't forget, this is all just Chapter 1.
Subsequent chapters include Cross-Site Scripting Prevention, SQL Injection, Preventing Code Injection, Command Injection, Session Security, Securing File Access, Security through Obscurity, Sandboxes and Tar Pits and finishes with Securing Your Application.
This is a wealth of information, make no mistake about it. The Sandbox chapter in particular offers up some great ideas for building and implementing a sandbox and tar pit (methods to counter-attack hackers, rather than just preventing them). The final chapter serves as a checklist you can run through when auditing your own (or others') code - 'Avoid $_REQUEST?', check!
As you would expect from someone so tightly involved in the PHP development cycle, Ilia writes with an air of authority about this subject. It is plainly obvious that he fully understands what is going on deep inside PHP at any given moment, and uses that know-how to advise the rest of us how best to approach it from above. It's a knowledge that he imparts easily and fluidly throughout this book, with virtually every paragraph containing something of genuine use.
The main thing I like about this book is that for every "this is wrong", you are nearly always shown a "but this is how you can do it" method. I find that with security more than any other area in PHP, you often hear an awful lot of "don't do this", but precious few examples of rectifying those mistakes. We've also yet to see a security book deal with any system as a whole. For example, taking a user management system, or a simple shopping basket system, and walking through how to ensure it is secure. Theory is all well and good, but authors can lead by example as well.
My final comment would be one of print quality. I am finding this is quite common with Nanobooks - the print quality really isn't the best. Very often large blocks of black will appear faded / striped and the covers suffer from "jaggies" around text where the colours have bled slightly. I am quite sure this can be attributed to their low cost. You can pick up two typical Nanobooks for the same price as an Apress title. And so long as you can actually read it, who cares if some pages look like they may have fallen out of a photocopier? Never judge a book by its cover and all that. Even so, I thought it was worth mentioning.
P.S. I thought it was a nice touch that Ilia had signed my copy. I'm sure he did all of the first batch or something, but it was great anyway!