[...] ... written in (or scripted with) PHP, are vulnerable to attack and misuse. We therefore sometimes discuss secure practices in general, without any particular reference to PHP. More important, however, we also focus on how the PHP programming language can help your efforts at security, and so we aim to provide PHP developers with an everyday toolset of secure coding practices and security-related subsystems that ...

... version 5 of PHP, which was originally released on 13 July 2004. As we discuss in Chapter 4, we believe strongly that you have the best chance of ensuring the security of your online application if you are careful always to have the most up-to-date versions of the software you are using. PHP 5 offers not just enhancements to simplify and facilitate your programming, but also significant security advances ...

... entire production team at Apress. We want to give special thanks to our Lead Editor, Jason Gilmore, and our Technical Reviewer, Timothy Boronczyk, for their always thoughtful and helpful comments on the text; to our Project Manager, Beth Christmas, for her patience and prodding as things went slowly; to our Copy Editor, Ami Knox, for catching all those little details that slipped by; to our Production ...

... Root-Level Commands 420
Resource-Intensive Commands 421
Making Dangerous Operations Safe 422
Create an API for Root-Level Operations 422
Queue Resource-Intensive Operations 423
Implementation Strategies 433
Handling Resource-Intensive ...

... need this book if you are a programmer responsible for creating and maintaining online applications that involve secure data. And you need this book even if you are a programmer who is not responsible for creating and maintaining secure online applications, for security threats are not confined to collecting what should be private information. If you are not a programmer, but a project manager or even an ...
... doing to permit you to adapt them to your own environment if it is different. Such Apache-MySQL-PHP (AMP) environments are most commonly associated with some version of a Unix-like operating system, although they work well also with Microsoft Windows operating systems. Where we provide techniques that assume a Unix-like operating system, we will again try to guide you toward implementing similar solutions ...

... develop next-generation websites and services for nonprofit organizations. He is a member of the Executive Board of New York PHP, and has been looking for new ways to build scriptable, linked, multimedia content since he saw his first HyperCard stack in 1988.

■ MICHAEL SOUTHWELL is a retired English professor who has been developing websites for more than ten years in the small business, nonprofit, and ...

... security advances over previous versions. If you are serious about security, you need to use it. If for some reason you are stuck using PHP 4, you should still be able to take advantage of many of the concepts we present, even if you will have to modify any PHP 5-specific code. We will generally not require the use of any external libraries or third-party classes.

SnyderSouthwell_5084Front.fm Page xxv Thursday, ...

... book is divided into four parts and 24 chapters.

Part 1, The Importance of Security

In Part 1, we discuss the philosophy of secure programming.

• Chapter 1, “Why is Secure Programming a Concern?”: In Chapter 1, we discuss what security means in the context of an online application, and we describe the wide variety of threats your PHP scripts may encounter.

Part 2, Maintaining a Secure Environment

In Part ...
... use PHP and the encryption algorithms that we discussed in the previous chapter to help ensure the security of your passwords and confidential data.

• Chapter 7, “Securing Network Connections I: SSL”: In Chapter 7, we discuss the Secure Sockets Layer and Transport Layer Security network protocols.

• Chapter 8, “Securing Network Connections II: SSH”: In Chapter 8, we discuss the Secure Shell network protocol.

Pro PHP Security
Chris Snyder and Michael Southwell

SnyderSouthwell_5084Front.fm Page i Thursday, July 28, 2005 4:00 PM

Pro PHP Security
Copyright © 2005 by Chris ...

... to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders-ny@springer-sbm.com, or visit ...

... information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219, Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, e-mail info@apress.com, or visit http://www.apress.com.

The ...