About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


Essential PHP Security Slashdotted

Thanks to everyone who wrote to let me know that Essential PHP Security was Slashdotted yesterday. Slashdot still amazes me. I think the book's Amazon.com Sales Rank is a testament to the power of Slashdot:

Here's a closer view:

The review is very complimentary, but I'd like to address one point:

In light of the author's expertise, one would presume that he would make every effort to write the definitive volume on PHP security - covering every conceivable topic, including: execution of system commands, verification of user IDs and authorization, email spamming via web forms, (the related topic of) exclusion of bots, and remote procedure calls.

I replied to this, stating:

I deliberately chose to focus this book on the 80%, and I'm happy that I did. PHP's reputation suffers because of security concerns, and I'm sure you'll see some of that expressed here. I want PHP developers who read this book to focus on what's most important, and the principles and practices that they learn along the way should prepare them to deal with more minor concerns.

Luke Welling comments:

I guess leaving your readers hungry for more of the same is a compliment of sorts.

Well put, Luke. Thanks. :-)

About This Post

Essential PHP Security Slashdotted was posted on Tue, 14 Feb 2006 at 17:34:23 GMT.

5 Comments

1. Nate Klaiber said:

I just stumbled upon this yesterday and will be ordering this book tonight. I have read the free chapters from the website, as well as other articles from you, Chris, and I think this is going to be a great resource for me and my development!

I also just ordered 2 Regular Expression books to add to my library, so I have to read those first :)

Thanks!

Nate

Tue, 14 Feb 2006 at 17:52:41 GMT


2. Dan Scott said:

When you say "Slashdotted", do you mean that the hordes of Slashdot readers brought down the book's Web site? That's generally how the term is used (has both good and bad connotations: good for the reflection of interest by the unwashed Slashdot masses, bad for the capability of the Web server / database backend to handle the onslaught of hits).

BTW, I happened to have moderator points yesterday and spent most of them on the comments related to the review. Congrats on the visibility!

Speaking of visibility, my book "Apache Derby: Off to the Races" was ranked #40,251 today. I guess that makes my book about 100* more popular than yours. What? Oh... damn.

Tue, 14 Feb 2006 at 18:58:26 GMT


3. Chris Shiflett said:

I hope you enjoy it, Nate. :-)

Dan, I guess I don't use the term correctly - I just meant that it was mentioned on Slashdot. Luckily, the server's doing fine, although there was quite a traffic spike.

I got a free copy of "Apache Derby: Off to the Races" at ApacheCon - it's a nice hardcover book, unlike the flimsy things the rest of us offer. I'm sure a good Slashdotting (errr, a mention on Slashdot) will boost the sales rank. :-)

Tue, 14 Feb 2006 at 19:06:48 GMT


4. Joe Lewis said:

Chris: I'm ready to see the follow-up: PHP Security, The Definitive Guide... ;-)

Tue, 14 Feb 2006 at 20:22:28 GMT


5. bryan said:

How about a "PHP Security, 'Nuff said" ?

Tue, 14 Feb 2006 at 21:52:57 GMT


