For anyone interested, here's a nice book to get anyone started on PHP Security:
http://oreilly.com/catalog/9780596006563/index.html

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com

Stut wrote:
> On 17 Jul 2008, at 21:56, Robert Cummings wrote:
>> On Thu, 2008-07-17 at 15:46 -0500, Micah Gersten wrote:
>>> What can help is if one app only has access to its own DB. Also, for
>>> mysql, there is the mysql_real_escape_string function for a reason.
>>
>> Well I agree with that of course... but the post by Stut indicated the
>> interviewee thought he could punt all DB security to the DBA. Obviously
>> it's important that the app developer use appropriate programming
>> techniques to achieve security in conjunction with the DBA.
>
> My main point was that security is the responsibility of everyone on
> the team whether it's explicitly part of their job spec or not. A
> candidate who doesn't see that without prompting will not be getting
> any further in my interview process.
>
> -Stut
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php