Re: SQL-Injection, XSS and Hijacking


 



On Wed, 3 Nov 2004 19:02:22 -0800 (PST), Chris Shiflett
<shiflett@xxxxxxx> wrote:

> There is a lot more. I highlight some of the things I think are of
> principal concern for PHP developers in something I call the PHP Security
> Workbook:
> 
> http://shiflett.org/php-security.pdf
> 
> That doesn't cover everything, of course, but it covers those things I
> have chosen as most important when I only have three hours to talk about
> security concerns. :-)
> 
Chris,

Many thanks for this link to your workbook. Really is a valuable read
as it puts together the main security concerns. It helped me to see
another point of view in some things.

Just have to ask:

Which method for data filtering do you think is best for a modular site?
The dispatch method (page 8) or the include method (page 10)?

I especially like the dispatch method as I use my own private server
(VPS) and have all modules outside the document root. This way, all
scripts must be called by the dispatcher, which provides all security
checks. As scripts are outside the document root, you cannot run them
directly, bypassing the dispatcher and the security checks ... In my
document root, the dispatcher is the only available script.

Regards,
Jordi.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
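
A minimal sketch of the dispatch layout described in the message above, added here as an example; it is not code from the workbook or from either poster. The module directory, the task names, the `task`/`id`/`q` parameters and the filter rules are all assumptions made for illustration.

```php
<?php
// index.php: the only script inside the document root (constructed example).
declare(strict_types=1);

// Assumed location of the modules, outside the document root.
const MODULE_DIR = '/srv/app/modules';

// Allowlist: request value => module file. User input never becomes a path.
const TASKS = [
    'home'    => 'home.php',
    'profile' => 'profile.php',
    'search'  => 'search.php',
];

// Map the requested task to a module file, or null if it is not allowlisted.
function resolve_task(array $query): ?string
{
    $task = $query['task'] ?? 'home';
    if (!is_string($task) || !array_key_exists($task, TASKS)) {
        return null;
    }
    return MODULE_DIR . '/' . TASKS[$task];
}

// Central filtering: only values that pass a check are copied into $clean.
function filter_request(array $raw): array
{
    $clean = [];
    if (isset($raw['id']) && is_string($raw['id']) && preg_match('/^\d{1,9}$/', $raw['id'])) {
        $clean['id'] = (int) $raw['id'];
    }
    if (isset($raw['q']) && is_string($raw['q']) && preg_match('/^[\w ]{1,64}$/', $raw['q'])) {
        $clean['q'] = $raw['q'];
    }
    return $clean;
}

$module = resolve_task($_GET);
if ($module === null || !is_file($module)) {
    http_response_code(404);
    exit('Unknown task');
}

$clean = filter_request($_GET);  // modules read $clean, never $_GET or $_POST
require $module;                 // the module runs with $clean in scope
```

Because the request value is only ever used as a key into `TASKS`, a value such as `../../etc/passwd` fails the allowlist check and never reaches `require`.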

