About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.


PHP Security Consortium

A little over a month ago, I mentioned the PHP security experiments that I've been conducting. I also solicited volunteers to help with my research.

Many gracious PHP experts from around the world have offered their aid. I did not expect such a response (nor all of the attention that this has received), but I appreciate everyone's interest. I want to keep this group small, and I want to make sure that I only involve people with high ethical standards, so I have chosen a handful of people that I know - either personally or by reputation (through their involvement with and/or contributions to the PHP community). This doesn't mean that I don't trust the others, and it's very likely that more people will have a chance to be involved later, because it looks like this may turn into something much more than a research group.

In addition to myself, the following people are volunteering their time to help promote sound security practices within the PHP community:

Because Ben is proposing a talk to be given at PHP Quebec that discusses our research, discoveries, and progress, we have chosen a name for the group - the PHP Security Consortium. We're still just a small group of people conducting some research, but now Ben has something to call us in his proposal.

In addition to conducting research, we have plans to provide several PEAR modules, improve a few others, generate plenty of documentation, and speak at user groups and conferences - all with the intention of educating the PHP community about security concerns (both old and new) and providing tools and best practices to help promote secure application development.

About This Post

PHP Security Consortium was posted on Tue, 07 Dec 2004 at 23:28:25 GMT.

4 Comments

1. Interesting effort but.... said:

Forgive my bluntness but isn't the name 'PHP Security Consortium' a 'big' name for such a small group? Seeing that a consortium is more a group of groups rather than a group of people.

I reckon a more modest name such as 'PHP Security Group' would add credibility and sympathy for this activity instead of seeming like a selected 'elite' with delusions of grandeur.

Titles aside, this sounds like an interesting effort which I hope will bring value to PHP and its community.

Wed, 08 Dec 2004 at 01:33:17 GMT


2. Chris Shiflett said:

The name is arbitrary. We could have discussed it in great detail, but we're more interested in other things.

In my opinion, PHP Security Group sounds at least as grand, plus the best way to earn respect is by contributing value to the community, not by choosing a great name.

> Titles aside, this sounds like an interesting effort which I hope will bring value to PHP and its community.

Me, too. :-)

Wed, 08 Dec 2004 at 01:46:10 GMT


3. trond said:

As I'm certain that education on "web security" is needed*, I'm glad to see work being done. I look forward to reading the results :)

*An example: I've taken university-level programming classes (and also worked as teaching assistant ("web programming with PHP"-course)) and security is def. not taken seriously enough. Things as simple as data-filtering and/or "protecting" against SQL injections are not given high priority, and sometimes not even mentioned (at least not in Norway).

Mon, 13 Dec 2004 at 00:53:32 GMT


4. Patrick Reilly said:

I am looking forward to the great PEAR modules from this team of pros... Good work guys, keep it up!

Wed, 22 Dec 2004 at 21:13:45 GMT

