This morning I read the Top 7 PHP Security Blunders which contained (at least in my mind) a few questionable comments about PHP security. Luckily for the early readers of the article, there was a very long comment by comments were a very nice critique of the article which also corrects a few obvious mistakes within the article itself.

The comments have now been pushed off the main article to the forum, (which is a shame) but as a developer, you would be doing yourself a disservice by not also taking the time to read the counter-point. They are insightful without being inflammatory.

The comments by Chris that he makes reference to can be found here in the SitePoint forums...]]> Wed, 21 Dec 2005 07:08:07 -0600 http://www.phpdeveloper.org/news/4532 http://www.phpdeveloper.org/news/4532 Pax Dickinson shares with us the "Top 7 PHP Security Blunders" as he sees them.

In this article, I'll detail many of the common PHP programming mistakes that can result in security holes. By showing you what not to do, and how each particular flaw can be exploited, I hope that you'll understand not just how to avoid these particular mistakes, but also why they result in security vulnerabilities. Understanding each possible flaw will help you avoid making the same mistakes in your PHP applications.

His list includes:

• Unvalidated Input Errors
• Access Control Flaws
• Cross Site Scripting (XSS) Flaws
• Data Handling Errors

There's more listed, so be sure to check out the rest of the article - each item is explained and on some, sample code is included where it makes sense...]]> Wed, 21 Dec 2005 07:04:07 -0600