About the Author

Chris Shiflett

Hi, I’m Chris: web craftsman, community leader, husband, father, and partner at Fictive Kin.

All posts for 2004

PHP and Apache 2 Slashdotted

Slashdot is running a story about the recent PHP and Apache 2 discussion - Is Apache 2.0 Worth the Switch for PHP?. I feel compelled to clarify (and support) Rich's main point, because it seems to be missed by quite a few people. He believes that we sho…

PHP and Apache 2

Rich Bowen, a notable member of the Apache community, has commented on PHP's anti-Apache2 FUD. He makes some good points, such as the fact that there's more to Apache 2 than threading. Rich and I spoke about this issue at ApacheCon. During our brief con…

PHP Security Announcements

I've been asked about the "security issues" that prompted the release of PHP versions 4.3.0 and 5.0.3 enough times to warrant blogging about it. I understand the concern - you visit php.net and see: The PHP Development Team would like to announce the im…

Character Type Functions

An oft-overlooked PHP extension is ctype - a collection of functions that can help you determine whether a string belongs to a particular character class, such as alphanumeric. This extension is built-in as of PHP 4.3.0, so you may not have to do anyt…

Holiday Greeting

s/ss/s…

Free Security Corners and a Guru Speak

There are three new articles available at http://shiflett.org/articles: Security Corner: SQL Injection; Security Corner: Data Filtering; Guru Speak: How to Avoid "Page Has Expired" Warnings. I hope you enjoy them.…

PHP Security Consortium

A little over a month ago, I mentioned the PHP security experiments that I've been conducting. I also solicited volunteers to help with my research. Many gracious PHP experts from around the world have offered their aid. I did not expect such a response…

Testing PHP

I guess this is my belated ApacheCon blog. I had a lot of fun as usual, and I got a chance to meet a few new people and hang out with old friends. The talk that Geoff and I gave went really well, and it ended up being as funny as we had hoped. More …

ApacheCon 2004

I'm off to Vegas for this year's ApacheCon. It looks like it will be a really great conference with lots of good talks and good times. I'm most excited about my Testing PHP with Perl talk with Geoff Young. If we succeed in explaining how cool all of the…

Installing PHP and Apache

As part of the work Geoff and I are doing with Apache-Test, I wrote some instructions for installing PHP and Apache with my favorite options. To install PHP as a shared library: $ tar -xvzf apache_1.3.33.tar.gz $ tar -xvzf php-5.0.2.tar.gz $ cd a…

Election Reflection

This is a nonpartisan collection of some of my thoughts about the recent election of the President of the United States. Discussing politics is considered taboo, but there are two issues that I think are huge. Why must America treat elections like sport…

PHP Security Experiments

I've been conducting some experiments lately to test a few security hypotheses that I've had as well as feed my curiosity. The success rate of these experiments has been shocking. The most recent experiment is taking place on the Zend forums, although it…

Handling 404 Errors with PHP

The PHP site does some nice trickery with 404 errors (plus 401 and 403). This is what accommodates short URLs like http://www.php.net/security. Want to do something similar on your own site? I see people asking how to do this all the time, even though the…

Guru Speak

The latest edition of PHP Magazine includes a new column that I will be writing called Guru Speak. I have been given a lot of flexibility in terms of the topics that I choose to write about, but one recurring topic will be providing thorough answers to c…

Foxylicious - Firefox Finally Groks del.icio.us

Someone finally wrote a good Firefox extension for del.icio.us. It's called Foxylicious. What makes it good? It does exactly what I described in my previous comments about del.icio.us: Now, if only there were browser plugins for Firefox and Safari that i…

Preparing for the Zend Certification

In the past week or so, there has been a lot of discussion about preparing for the Zend Certification exam. A common concern people have is whether they can expect to pass it, and this is understandable. Even when you've been developing in PHP for a few …

The Race Continues

No one has finished the race yet. Will you win?…

ApacheCon Early Bird

Don't forget to register for ApacheCon by this Thursday (30 Sep) to save $300 (and up to $400 on tutorials): Early-bird registration is priced at US$599 for the full conference package. This gives you access to three days with more than 65 sessions. Ther…

Shared Hosting with PHP

My column from the Mar 2004 issue of php|architect is now available for free: Security Corner: Shared Hosting This article explains, among other things, that safe_mode is no substitute for a secure server, and no shared host is ever going to be as secure…

php|works

php|works turned out really well. Marco and everyone else at php|architect did a super job with everything. The conference was split into three tracks: two technology tracks and a business track. This meant that there were always three talks to choose fr…

PHP Session Security

My talk for php|works, PHP Session Security, is now online. As with most of my talks, the slides only provide a vague outline. I hope to offer a more useful resource for session security (similar to the PHP Security Workbook) sometime soon.…

In Toronto for php|works

I'm sitting in the atrium of the Holiday Inn Yorkdale in Toronto, enjoying the free wireless access. I'll be here all week for php|works, a conference hosted by the fine folks at php|architect. I'm giving a talk on PHP Session Security on Thursday, and I…

Zach Braff has a Blog

I finally saw Garden State tonight. I expected to be impressed, and it exceeded my expectations. Apparently Zach and I also share similar taste in music, since I was able to piece together a good bit of the soundtrack using my existing collection. As is…

DataLibre

Steve Mallett has just announced a new project called DataLibre. The principles surrounding the project are best described in Steve's discussion on Applying Distributed XML to The Open Source Paradigm Shift that I referenced in an earlier blog post. Whil…

Securing PHP Code with Zend

I worked hard on the PHP security tutorial that I gave at OSCON this year, and I have been delighted by the attention it has been receiving since. The PHP Security Workbook that accompanied the talk is still a frequent recommendation among PHP sites wor…

Foo Camp and Electronic Voting

I'm at Foo Camp this weekend, an ad hoc gathering hosted by Tim O'Reilly. Tim describes Foo Camp as follows: Foo Camp is a creation of the people who attend. We're inviting people who're doing interesting works in fields such as web services, data visual…

HTTP Developer's Handbook Feedback

There has never been a lot of attention given to my HTTP Developer's Handbook. I've always believed that this is a direct reflection of the topic and the fact that there is (of course) no community surrounding HTTP like there are with programming languag…

Yahoogle and Flickr

I just read Nat's blog entry about Why Yahoo and Google Still Don't Get It. First, I must say that Yahoogle is the best word I've seen since Orkwhore. What is Flickr anyway? It seems everyone is talking about it lately. I even see people talking about Fl…

del.icio.us

I finally decided to start using del.icio.us to manage my bookmarks, because I have a disorganized collection residing on multiple computers and in multiple browsers - I can never find what I'm looking for. As an example, I can never remember the name of…

Steve Mallett on "Infoware"

You should read Steve Mallett's discussion on Applying Distributed XML to The Open Source Paradigm Shift. In Steve's words: Herein I propose a possible solution to insuring the freedom to innovate and improve as we do with open source software as it may …

Fired for Blogging

I just read Joyce Park's blog entry about her termination from Friendster. The opening paragraph sums it up pretty well: So I was terminated from Friendster today. The reason given was blogging. If true, this paints a poor picture of Friendster, a suppos…

PHP at ApacheCon

The schedule for ApacheCon has been published, and it looks like it will be a great conference for PHP developers. I will be giving a 3 hour PHP security tutorial on Sunday. If you missed the one I gave at OSCON, you're in luck, because I plan to work ha…

The Race Begins

Security Corner

For those of you who read php|architect, you're probably familiar with my monthly column on PHP security called Security Corner. After a very successful first six months, I'm happy to announce the free availability of the first column, Security Corner: S…

Securing PHP Sessions

The slides for Securing PHP Sessions are now online. This was my last talk, and I'll have pictures and conference comments up soon.…

OSCON Slides Available

The slides for PHP Security and Foiling Cross-Site Attacks are now available.…

PHP Security Workbook

My OSCON tutorial, PHP Security, was a big hit. The workbook for the tutorial is likely the most complete source of PHP security information and best practices available (until my book, PHP Security, is published). Here it is: php-security.pdf (248 KB, 5…

OSCON Bound

I'll be spending this week in Portland, Oregon at the O'Reilly Open Source Convention. I'm giving a talk on the PHP track called Securing PHP Sessions that should be interesting. I'll be focusing on topics such as session fixation and session hijacking, …

Zend PHP Certification

Although most of the attention this week has been on the release of PHP 5, Zend has also just announced the Zend PHP Certification. I am happy to be a member of the Zend PHP Education Advisory Board, the group that "has established the curriculum criter…

Upcoming Conferences

The O'Reilly Open Source Convention returns to Portland in two weeks (26 Jul to 30 Jul). There are plenty of PHP Sessions and PHP Tutorials, so it should be a great conference for the PHP crowd. php|works is a new conference hosted by the folks at php|ar…

Planet PHP

I recently received an email from Christian Stocker, regarding my previous comments about Planet PHP. After visiting again, I see that many of the PHP blogs that were missing have been added. It still uses blog titles rather than the names of people, but…

PHP Scales

There has been a lot of discussion lately about scalability, brought about by Friendster's move to PHP. Once again, I am amazed at how many people don't understand what scalability means (even though I'm glad to see fewer and fewer people misspelling it)…

PHP Security Seminar

For those in the New York City area, I'm giving a PHP security seminar tomorrow night at Masonic Hall at 71 W 23rd St. It's scheduled to be two and a half hours, and I plan to split this into three 40 minute sections with two 15 minute breaks, so that th…

A PHP Guy at YAPC: Part II

Day 3: The last day of the conference came too quickly. I slept in a little (missed Geoff's Apache-Test talk), then walked over to campus. I overloaded on those tasty banana muffins before checking in on Jeff after his 85 minute talk on extproc_perl. We …

A PHP Guy at YAPC: Part I

Day 0: I took a train from Penn Station to Philadelphia to stay at Geoff's house Monday night (Day -1). We then drove to Buffalo on Tuesday (Day 0) with Jeff and Mike (a former co-worker of Geoff and Jeff). Everyone is staying at the University Inn, but …

Adam Trachtenberg's New Blog

Apparently Adam started a blog on his Web site a few weeks ago. Since his site was last updated 6-9 months ago, I just now found out. He went back and populated it with old news, so you can find out about his new book, Upgrading to PHP 5, hear about our …

Gmail and Spam

Maybe it's morbid curiosity, but I find ad-hoc spam experiments to be interesting. Add in Google's shiny new Gmail, and you get this: http://gmail.prattboy.net/.…

CD Baby and George

I just read a very favorable review of Advanced PHP Programming by George Schlossnagle. This isn't unusual, since everyone loves George's book (myself included, although I haven't had a chance to read it thoroughly enough to review it yet), but I thought…

Google Blog

As pointed out by Adam, Google now has its own blog. Interesting. Check out the Atom feed.…

PHPCommunity.org Article

As noted in the PHPCommunity.org Blog, the 03.2004 issue of PHP Magazine (print edition) features an article that describes the first few months of the project. The article, PHP Community: Part I, is now available from their Web site. This is a good arti…

Foiling Cross-Site Attacks

For the PHP developers who are interested in learning more about Cross-Site Scripting (XSS) or Cross-Site Request Forgeries (CSRF), I'm happy to announce that Foiling Cross-Site Attacks is now available for free from my Web site. This article, originally…

FOSS Planet

The FOSS Planet seems like a nice idea. It's almost too exhaustive for my needs, but I'm sure I'll be reading it anyway. It's difficult to please everyone with this sort of thing. I recently stumbled upon Planet PHP, but it didn't interest me (despite my…

PHP Community Logo

The PHP community now has a logo. The winning artist is Peter Jovanovic (with contributions from Richard Davey). Congratulations, Peter, and thanks for the great logo. We will hopefully soon have banners of various sizes that you can place on your site …

MySQL Speaker Guidelines

Zak Greant has posted the MySQL Speaker Guidelines under a Creative Commons Attribution License. This seems like a good step toward eliminating the "reinventing the wheel" syndrome among conference organizers. Hopefully this will start a nice trend of co…

PHP Security at OSCON

I will be giving three talks at OSCON this year: two sessions and a tutorial. They're all focused on PHP security in one way or another, and I'm very happy that O'Reilly is giving this topic so much attention. I'm including the descriptions below, altho…

PHPCommunity.org Logo Contest Ends

The PHPCommunity.org Logo Contest ended a few days ago. All of the entries are online, and you can make comments on your favorites. Thanks to all who entered. There are some really great logos.…

Atlanta PHP

Ben Ramsey, of the PHPC project, and Matt Kern are creating a PHP user group in Atlanta. As described here, Matt actually thought of the idea three days before Ben. Maybe this will make a funny story once the group gets going. I wish them both the best o…

Phundamentals

New York PHP has a nice series of PHP best practices called phundamentals. These are basically common questions that are posed to the NYPHP-Talk mailing list, and after a few weeks of discussion, all of the various perspectives and recommendations are co…

Advanced PHP Programming

A copy of George's new book, Advanced PHP Programming, arrived today. It looks fantastic, and you can find the Table of Contents on his blog. If you want to buy a copy, use this link, so that George gets a commission. I plan to post a review sometime soo…

PHP Blogs

I just recently discovered Dynamically Typed, a blog by Harry Fuecks about PHP. It definitely seems worth adding to the list. I also stumbled upon Ben Ramsey's Blog. Ben is one of the people working on PHPCommunity.org.…

Microsoft Leak

Rich Bowen has an interesting perspective on the recent Windows code leak. What I have found most interesting is how people consider this event to be such a major security threat. Of course, they're right, but this is a clear indication that everyone,…

PHP Security Articles

The Truth about Sessions, the cover article I wrote for the inaugural issue of PHP Magazine (Digital Edition), is now freely available on my Web site at http://shiflett.org/articles/the-truth-about-sessions. I hope this provides a nice reference for ses…

Redesign and Writing

As with most Web developers, I never seem to have any time to spend on my own site. As a result of my boredom with the design of this site, I decided to completely redo it. I've also been doing a lot of writing lately. I'm finally beginning to make real …

MySQL Licensing

It's been a week since he wrote this (I've been busy with PHPCommunity.org), but Theo has written a nice testimonial about the problems developers are facing with MySQL's licensing. Zak has been hosting an open license review recently. Hopefully good thi…

PHP Community Logo Contest

Are you artistically inclined? We are looking for a logo that embodies the spirit of the PHP community for use with the new community site to be located at phpcommunity.org. Those who have volunteered to help build the PHP community site are already awar…

2003 Highlights

2003 has ended, and since this is the first time that I've had a blog as a new year begins, I have decided to record my personal highlights of last year. My first book, HTTP Developer's Handbook, was published. Moved to NYC and got involved with New York…