[nycphp-talk] PHP Penetration Discussion
Jon Niola
jon at mediavortex.com
Sat May 28 10:36:26 EDT 2005
Interesting thread. I think that security is one area that even many
of us PHP veterans could always learn more about.

I recently have had to do some research on these types of issues
myself. I consider myself to be pretty good with PHP, but security
is a pretty complicated issue with so many issues to consider.

For example, on the NYPHP site in the "phundamentals" section there is the
article on form spoofing. I have seen so many different schools of
thought on this.

Thinking about that article I was wondering, why not just check the
HTTP_REFERER to make sure the form is being submitted from the server as
opposed to someone storing it locally and editing vars?

Might not be too bad an idea for us to put together a security page
with best practices, do's and don'ts, etc. It would be a valuable
resource for even the seasoned coders. Some of the best coders I know
take security for granted.

Just my $.02 on the subject.

--Jon

>For those not on the PHP-General list, a good thread has recently
>been developing where Rasmus showed some interesting examples and
>discussion of cross-site scripting vulnerabilities.
>
>Follow the thread
>http://marc.theaimsgroup.com/?t=111721168800001&r=1&w=2
>
>And Rasmus' first post:
>http://marc.theaimsgroup.com/?l=php-general&m=111722197717368&w=2
>
>
>---
>Hans Zaunere
>President, Founder
>
>New York PHP
>http://www.nyphp.org
>
>AMP Technology
>Supporting Apache, MySQL and PHP