Crispin Cowan wrote:
> Gezim Hoxha wrote:
>> 1.) If I have to write PHP, how do I write secure PHP? Give me a number
>> of ensures that I can follow and check-mark each and live a happy
>> life--for the most part.
>>
> Program defensively: [snip]
> Test your system: [snip]

There's at least one book out on PHP security. Is there anyone here who has used it and has comments? I'm not experienced enough in PHP to judge:

Pro PHP Security
by Chris Snyder and Michael Southwell
Apress © 2005 (528 pages)
ISBN:1590595084

> Wrap it in AppArmor http://en.opensuse.org/AppArmor for when you screw
> up ^W^W don't do all the above perfectly.

But that's only available if you're using Suse, right? What about hardened PHP, modsecurity, putting Apache in a chroot jail, that sort of thing?

Sheryl