{SPAM?} Re: [UPHPU] PHP4 vs PHP5 on security

Orson Jones orson.uphpu at bookstore.usu.edu
Mon Oct 9 10:48:35 MDT 2006


I actually just read that book. Good easy short read. I just picked it up at the library. I don't know that it would be comprehensive enough to keep in my personal library, but it does give you a good understanding of what cross-site scripting and other common web vulnerabilities are and how to prevent them. The solution is simple. Don't trust anything that comes from outside your script, and don't output to web/database without using a good filter. It does go into some detail on how to do it though.

Orson

Jason Porter wrote:
> Oh I hit send too fast - I meant to add to check out the book "Essential
> Security" by Chris Shiflett - it's small and very readable and packed
> with good info and makes a great checklist guide. I got it on Amazon
> for like $15.
> 
> 
> Jason Porter wrote:
> > What's the general consensus as far as security goes in PHP5 vs PHP4?  I
> > very well could be wrong, but I thought PHP5 was just as secure as PHP4.
> >  Thoughts?
> >
> >   
> Probably 90+% of security is your code and organization so that's where
> to concentrate.  Newer versions might have additional helper functions
> or in case of PHP5 have register globals defaulted to off to make
> things easier.
> 
> I think we are going to have an upcoming meeting on security (Richard?)
> which would be a great time to discuss this kind of stuff.


