PHP Security


There are many PHP users out there who probably don’t come from a computer science background; after all, it is probably the most accessible server-side technology out there, so why shouldn’t more people have access to building dynamic, data-driven web sites and applications? However, combine this with the very nature of the PHP rapid application development model and the various PHP frameworks and content management systems, and there are possible (and well documented) security issues. My guess is that some people are just not aware of these issues due to inexperience, others overlook them in their rush to get the job done quickly, and some might even think that because they are using a pre-built framework or CMS the issues have already been taken care of. Classic ASP had similar issues, which were dealt with in the rollout of ASP.NET (particularly v2.0 onwards).

I’m not going to list all the issues (well-known ones include cross-site scripting vulnerabilities, SQL injection and session hijacking), but suffice it to say there is much online discussion (some productive and some not so) and, additionally, a rather decent book: ‘Essential PHP Security’ by Chris Shiflett, available from Amazon and other good bookstores.
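The three issue classes named above, each shown as the careless fragment a rushed PHP application tends to contain beside its hardened replacement. This is an added example and not code from the original post or from any framework it mentions; it assumes PHP 7.3 or later with the PDO and SQLite extensions, and the database table, sample row and test input are constructed here so the file runs stand-alone. The session functions are defined but only called outside the CLI, since they need a real HTTP response to set cookies on.

```php
<?php
// Added example (not from the original post). Assumes PHP 7.3+ with PDO + SQLite.
declare(strict_types=1);

// Constructed in-memory database so the example runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('O''Brien')");

// --- SQL injection --------------------------------------------------------
// Careless: the value is spliced into the SQL text, so any quote in the input
// changes the structure of the statement rather than being treated as data.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: a prepared statement fixes the query structure up front and sends
// the value separately, so it can never be parsed as SQL.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Cross-site scripting -------------------------------------------------
// Careless: untrusted text is emitted straight into HTML, so the browser will
// interpret any markup it contains.
function greetUnsafe(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened: escape for the HTML context at the point of output.
function greetSafe(string $name): string
{
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Hello, $escaped</p>";
}

// --- Session hijacking / fixation -----------------------------------------
// Hardened session setup: accept IDs only from cookies, reject IDs the server
// never issued, mark the cookie HttpOnly/Secure/SameSite ('secure' assumes the
// site is served over HTTPS).
function startHardenedSession(): void
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// After a successful login, issue a fresh session ID so an ID obtained before
// authentication (for example by fixation) carries no privilege afterwards.
function onLoginSuccess(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// --- Demonstration with constructed input ---------------------------------
$legitimateName = "O'Brien";   // an ordinary surname that happens to contain a quote
$markupName     = '<b>guest</b>';

try {
    findUserUnsafe($pdo, $legitimateName);
    echo "unsafe query unexpectedly succeeded\n";
} catch (PDOException $e) {
    // The apostrophe broke the statement: proof that input reached the parser.
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}
echo "safe query rows: " . count(findUserSafe($pdo, $legitimateName)) . "\n"; // 1

echo greetUnsafe($markupName) . "\n"; // tags pass through to the browser
echo greetSafe($markupName) . "\n";   // tags rendered as literal text

if (PHP_SAPI !== 'cli') {
    startHardenedSession();
}
```

The point of using a surname with an apostrophe rather than an attack string is that the unsafe query fails on perfectly ordinary data, which is usually how a team first discovers that user input is reaching the SQL parser; the prepared statement returns the row correctly because the quote is carried as a value. The same idea applies to the HTML case: escaping at output time protects every page that prints the value, whereas trying to sanitise input on the way in tends to miss a context somewhere.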


Kirsten, or the K-dog as he is known on the mean streets of his North London home, is the pater familias of UVd and has seen the company through nearly a decade of trading in Brick Lane, East London (be wary of 'back in the day' stories). Experienced snowboarder, footballer, gardener and general healthy person. Do not underestimate his ability to gain injury from any one of these extreme sports!
