In article <1625128781.20070704192633@xxxxxxxxxxxxx> rich@xxxxxxxxxxxxx(Richard Davey) wrote: > Hi Andrew, > > Wednesday, July 4, 2007, 4:23:38 PM, you wrote: > >>>> Avoid the O'Reilly one as it is flawed. >>> In what way? >> Its written by Chris Shiflett, isn't that enough reason? > No, not really. The errata are clearly published online, and while > you could argue that some of them shouldn't have existed in the text > in the first place, security is such a moveable feast that whatever > is written today will almost surely have changed within a very short > periodof time, regardless of the author. Sure, and I'm not debating the rate that security moves, or that there are newer techniques for some of the stuff. I haven't read the errata to be honest, do people ever read those? (open question) > If just one person takes something useful away from his book, that > makes them think "damn yes, I DO allow that in my scripts!", then it > was a worthwhile purchase. He (along with a number of others) have > done a wonderful job of raising the PROFILE of security (or lack > thereof) in PHP applications and the PHP world in general. Before the > likes of him and Steffan started blogging and writing about all the > issues out there it was a piss-poorly covered area that > mostdevelopers (*especially* new ones) ignored or were not even aware > of. > > Even if some of the techniques in the book are now flawed, the > profile and awareness he has generated did nothing to harm the PHP > community,and does not warrant your shit slinging. I have no doubt he is a great bloke and a great public speaker / PR for PHP application level security, I apologise if it sounded like FUDing (why does that sound dirty?). I just don't like / agree with his book or some of the security articles he wrote (again, I haven't read them in quite a while). I think Ilia's book is a lot better. I also agree that awareness is no bad thing, but people should also be aware he is not the be all and end all of PHP application level security, and he has made mistakes (as have I and probably everyone else here at some point). If Chris were to re-write into a second edition, then who knows, I may like it. -- Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/ Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
