[PHP] Surge 2011 CFP Deadline Extended
OmniTI is pleased to announce that the CFP deadline for Surge 2011, the Scalability and Performance Conference, (Baltimore: Sept 28-30, 2011) has been extended to 23:59:59 EDT, April 17, 2011. The event focuses upon case studies that demonstrate successes (and failures) in Web applications and Internet architectures.

New this year: Hack Day and Unconference on September 28th.

For information about topics: http://omniti.com/surge/2011.

Get inspired by the 2010 sessions, now online at (http://omniti.com/surge/2010).

2010 attendees compared Surge to the early days of Velocity, and our speakers received 3.5-4 out of 4 stars for quality of presentation and quality of content! Nearly 90% of first-year attendees are planning to come again in 2011.

For more information about the CFP or sponsorship of the event, please contact us: surge (AT) omniti (DOT) com.

--
Katherine Jeschke
Marketing Director
OmniTI Computer Consulting, Inc.
7070 Samuel Morse Drive, Ste.150
Columbia, MD 21046
O: 410/872-4910, 222
C: 443/643-6140
omniti.com
circonus.com
[PHP] Security Question
hey guys/girls,

what's the best way to learn about security in php?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Question
[snip]
what's the best way to learn about security in php?
[/snip]

Study, study, study!

Chris Shiflett is a recognized expert on PHP security - http://shiflett.org/

He has a great book on PHP Security - http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20
RE: [PHP] Security Question
Best way to learn about security of something is to learn how to break it...

On Apr 8, 2011 3:55 PM, "Jay Blanchard" wrote:
>
> [snip]
> what's the best way to learn about security in php?
> [/snip]
>
> Study, study, study!
>
> Chris Shiflett is a recognized expert on PHP security -
> http://shiflett.org/
>
> He has a great book on PHP Security -
> http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20
Re: [PHP] Security Question
On Fri, Apr 8, 2011 at 3:24 PM, nighthawk1256 wrote:
> hey guys/girls,
>
> what's the best way to learn about security in php?

Here are some relevant topics to consider:

- Validate input (only accept what you're expecting, via GET, POST, and COOKIE, and don't try to fix an invalid value, throw it out.)
- Use prepared statements (PDO makes this easy and generalizes quite well across popular DB's.)
- Only give the bare minimum permissions required to accomplish a task (e.g., I usually have one SQL user account for reads, and one that allows for reads and writes.)
- When errors occur, don't leak important system information to your users.
- Hash passwords (with a salt) that are stored so you're never storing the literal value.
- If you use an authentication system that's implemented with cookies (sessions-based or custom), all requests should run over https instead of http.
- Escape output according to context (html, attribute, or url.)

If you google the above topics, you'll find some great sites/blogs that address these topics in detail.

Adam

P.S. - Or, you can just use my one-file web framework which helps you automatically address all but the https issue above :) Sorry, it's a Friday so I couldn't resist the shameless plug.

--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
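
Several points from the list above (reject invalid input, prepared statements, salted password hashes, non-leaking errors, output escaping) combined in one login check. This is an added example, not part of the original thread and not Nephtali code. It assumes PHP 7.1 or later with the pdo_sqlite extension (password_hash() postdates this thread); the users table and the function names are hypothetical, and the HTTPS and database-permission points are deployment settings that are not shown.

```php
<?php
// Added example: table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');            // constructed in-memory demo database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Validate input: accept only the expected shape, never try to repair a bad value.
function valid_username($value): ?string
{
    return (is_string($value) && preg_match('/\A[a-z0-9_]{3,20}\z/', $value) === 1)
        ? $value : null;
}

// Store a salted hash, never the literal password; password_hash() generates the salt.
function register(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Prepared statement: the name is bound as data and never concatenated into the SQL.
function login(PDO $db, $rawName, $rawPassword): bool
{
    $name = valid_username($rawName);
    if ($name === null || !is_string($rawPassword)) {
        return false;                        // invalid input is thrown out
    }
    try {
        $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
        $stmt->execute([':name' => $name]);
        $hash = $stmt->fetchColumn();        // false when no such user exists
    } catch (PDOException $e) {
        error_log($e->getMessage());         // details go to the server log only
        return false;                        // the user sees a generic failure
    }
    return is_string($hash) && password_verify($rawPassword, $hash);
}

register($db, 'alice', 'correct horse battery staple');  // constructed sample account
$attempts = [
    ['alice', 'correct horse battery staple'],            // well-formed and correct
    ["bob'<b>", 'x'],                                     // quote and markup characters
    ['alice', ['not', 'a', 'string']],                    // array where a string is expected
];
foreach ($attempts as [$n, $p]) {
    // Escape for the HTML context on output, including values that failed validation.
    $shown = htmlspecialchars(is_string($n) ? $n : '', ENT_QUOTES, 'UTF-8');
    echo $shown, ': ', login($db, $n, $p) ? 'ok' : 'login failed', "\n";
}
```

Both rejected attempts produce the same "login failed" line as a wrong password would, so the response does not reveal which check stopped the request.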
[PHP] pick a card, any card...
In other words, the entire idea of picking one of N objects, whatever they are- strings, numbers, gummybears, lined up in a listing, and return the one item selected. This seems a common enough function there should be a simple way to do it already in php. HOWEVER, I ain't findin' it that way, no sir/maam/other.

Maybe I am missing the obvious SIMPLE way to get the job done. So if we have a listing of foo's, we can title this $listing, and we want 1 of them to be returned, we should see something like:

randmember($listing)

and if the listing was "A","B","C","D","F" and it defaulted to return one of them, a valid return would be "C" for example.

PHP does not seem to have a function in it, or loadable into it, to accomplish this; I have to write some long winded and complex thing to get the job done, and that's a bloody shame.

Any discussion?

--
end

Very Truly yours,
- Kirk Bailey,
Largo Florida

kniht
+-+
| BOX |
+-+
think
Re: [PHP] pick a card, any card...
On Apr 8, 2011, at 8:20 PM, Kirk Bailey wrote:
> in other words, the entire idea of picking one of N objects, whatever they
> are- strings, numbers, gummybears, lined up in a listing, and return the one
> item selected. This seems a common enough function there should be a simple
> way to do it already in php. HOWEVER, I ain't findin' it that way, no
> sir/maam/other.
> Maybe I am missing the obvious SIMPLE way to get the job done. So if we have
> a listing of foo's, we can title this $listing, and we want 1 of them to be
> returned, we should see something like:
> randmember($listing)

array_rand() - it's already built-in - http://php.net/manual/en/function.array-rand.php

Scotty