Andrew Hutchings wrote:

> Avoid the O'Reilly one as it is flawed.

Hollow claims are disrespectful and harmful to professional discourse. Perhaps you are motivated to persuade others that this is true and will do so at any cost, even if it means spreading misinformation. I'm aware of one person who does exactly this, so maybe you're just a victim of his propaganda. I'll give you the benefit of the doubt and assume the latter.

The entire errata is published online and has been maintained very diligently:

http://phpsecurity.org/errata

I would argue that none of these errors constitute poor security advice, whereas I can't say the same for the other books I've read on the subject. (I don't want to disparage anyone's hard work, and feel free to discount my opinion as biased.) The errata is there for you to form your own opinion, and if you actually do know about something that isn't listed, then please disclose it. "Put up, or shut up."

There's nothing worse than poor security advice, but the fear of being wrong can't prevent us from sharing what we've learned. I have nothing but contempt for those who, for their own personal benefit, want to silence and discredit the people who are trying to help. The PHP community is one of the most open, friendly, and helpful communities around, and I think we are also one of the most security-conscious as a result.

If you'll look through the reviews, you might notice that many leading PHP and web application security experts highly recommend it:

http://phpsecurity.org/reviews

Are all of these people fools, or is it really a good book?

Chris

--
Chris Shiflett
http://shiflett.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php