Product Description

Security is a hot topic these days, with new exploits and patches released on a daily basis for all sorts of operating systems and applications.

Recently, the security bubble has expanded to touch the PHP world, and several well-known applications have been the target of a great number of attacks.

Despite all the negative publicity, however, PHP is and remains a very stable--and very secure--programming environment. php|architect's Guide to PHP Security, written by security expert (and frequent php|architect contributor) Ilia Alshanetsky, provides you with a guide that covers everything you need to secure existing PHP applications and write new ones with security in mind.

* Provides techniques for both PHP 4 and PHP 5
* Includes a step-by-step guide to securing your applications
* Provides comprehensive coverage of security design
* Teaches you how to defend yourself from hackers
* Shows you how to distract hackers with a "tar pit" to help you fend off potential attacks

Rather than drowning you in overlong explanations, this book focuses on providing you with accurate information on proper security techniques, and showing you a step-by-step approach to writing applications that are stable, secure and reliable.

Product Details

• Amazon Sales Rank: #303549 in Books
• Published on: 2005-09-05
• Original language: English
• Number of items: 1
• Binding: Paperback
• 200 pages

From the Back Cover
With the number of security flaws and exploits discovered and released every day constantly on the rise, knowing how to write secure and reliable applications is becoming more and more important every day.

Written by Ilia Alshanetsky, on eo fhte foremost experts on PHP security in the world, php|architect's Guide to PHP Security focuses on providing you with all the tools and knowlege you need to both secure your existing applications and writing new systems with security in mind.

The books gives you a ste-by-step guide to each security-related topic, providing you with real-world examples of proper coding practices and their implementation in PHP in an accurate, concise and complete way.

About the Author
Ilia Alshanetsky is the principal of Advanced Internet Designs, Inc., a company that specializes in security auditing, performance analysis and application development.

He is the author of FUDforum, a highly popular, Open-source bulletin board focused on providing the maximum functioanlity at the highest level of security and performance.

Ilia is also a core PHP developer who authorer or co-authored a series of extensions, including SHMOP, PDO, SQLite, GD and ncurses. An active member of PHP's Quality Assurance Team, he is responsible for hundreds of bug fixes, as well as a sizable number of performance tweaks and features.

Ilia is a regular speaker at PHP-related conferences worldwide and can often be found teaching the Zend Certification Training and Professional PHP Development courses that he has written for php|architect. He is also a prolific author, with articles for php|architect, International PHP Magazine, the Oracle Technology Network, Zend.com and others to his name.

Customer Reviews

Excellent broad strokes coverage
Overall, an excellent resource for security. It's small size means that that topics are narrow enough to be digested and acted upon individually.

An OK book, but lots of errors and examples weren't great
As a programmer with 7 years experience, I already had a fair amount of knowledge about PHP security, but it was all self-taught. I will say that I was able to learn a few new things and pick up a few strategies from this book.

Overall, I wouldn't say I was disappointed with the book, but I definitely wasn't impressed. There were numerous misspellings, typos, and (in a few cases) words missing altogether. With my knowledge I considered these typos to be fairly minor, but someone with less experience may become confused by a few of them.

In one case, a variable in one of the coding examples was actually mis-keyed. If someone were to copy the example verbatim, it would not behave as expected. That type of error should never occur in a book like this.

The various chapters do contain useful information, but the code examples are pretty lame. Don't buy this book if you're looking for specific, real-world, useful examples on how to implement your security measures, but if you already have enough PHP experience to figure out ways of implementing the *concepts* presented in this book, then it may be worthwhile picking up.

Experienced PHP programmers with some security experience will probably find a few useful tidbits, and anyone looking to truly maximize the security of their web applications would definitely benenfit from the sheer number of concepts presented in this book. However, many PHP developers will likely agree that a number of the concepts presented are somewhat superfluous, or rendered obsolete by other concepts.

In many cases the author will provide a concept for securing an application, provide an example of how to do it, and then proceed to explain why that method is NOT the best method to use. Someone looking for a quick-use reference manual of the most effective ways to secure your application will probably not enjoy this book.

BOTTOM LINE: there's gotta be better books on PHP security available for beginners, intermediate developers, and professionals alike. Only buy this book if you're interested in a large number of concepts and don't care about clear and specific examples of real-world implementation.

Advice to the Author/Publisher: Fix the typos and put the missing words back in! Expand on your code examples and provide more real-world application. Choose better naming conventions for your variables in your examples - no one wants to guess at what the variable "$e" represents, use "$elements" instead. Compile a chapter of "Top 10 security exploits and how to avoid them" using your recommended methods for the various exploits (or something similar). As it stands now, your readers not only have to work through the errors and the poor examples, they also have to decode which of your concepts are worth actually implementing, since so many of them have loopholes, provide other vulnerabilities, or simply "aren't enough" to truly secure the application.

Concise, comprehensive, essential
After a website of mine was hacked I decided I needed to be better informed about php/mysql security, so I bought this book. I now refer to it very frequently. It seems short but there's no fluff and it's right to the point. The author clearly understands the internals of php, apache and mysql very well. If you're writing php, this book is essential on your bookshelf.