OK, so maybe Chris didn’t say “security is what happens between input and output.” But I do. The truth is that a PHP developer really only has control over these two deceptively simple components of the application. Sure, there are scads of other types of attacks–attacks relatively beyond the control of the PHP developer, involving …
PHPDeveloper just reported that the phpBB development server has been hacked by a politically motivated group. More details and the response from the phpBB group are on the phpBB site. What strikes me most is the phpBB slogan: “creating communities.” Why would anyone want to maliciously thwart that? I guess in a meritocracy like open …
Chris Shiflett has an interesting post on his blog wherein he declares that all PHP security vulnerabilities come from either a lack of flitering input or escaping output. In fact, he’s betting $100 that the next 4 of 5 vulnerabilities that get reported by PHP|Arch will confirm his proclamation. My question is: what other kind …
With an exciting development project ahead, some of which David alluded to in a recent blog entry, I am looking closely at what has worked in the past. I had good success implementing some of the strategies of Extreme Programming (XP) and to that end I am now partway through Extreme Programming Applied (the one …
I had my first Tuesday night adult beginners’ fencing class tonight at the Los Angeles International Fencing Center. It was great! Muscles I never knew I had are aching, but I enjoyed it thoroughly and am looking forward to next week. Who knew being tall and double jointed might actaully be an asset?
Or, “Why I Was Up So Bloody Late Last Night.” It’s true. I did a dumb thing. I used apt-get to install Apache 2.0, then tried to load up PHP5 compiled for Apache 2.0 using the recommended installers from PHP.net. I should have known that Apache was still at 1.3 (which I later discovered after …
