About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.

All posts for Feb 2004


New York PHP has a nice series of PHP best practices called phundamentals. These are basically common questions that are posed to the NYPHP-Talk mailing list, and after a few weeks of discussion, all of the various perspectives and recommendations are compiled into a document and made available from the Web site.

I think this is a great approach for providing information, because multiple perspectives are always nice. There are already several articles, and with the recent launch of security-related phundamentals (that I am especially interested in, of course), I think this will become an important resource for PHP developers.

Advanced PHP Programming

A copy of George's new book, Advanced PHP Programming, arrived today. It looks fantastic, and you can find the Table of Contents on his blog.

If you want to buy a copy, use this link, so that George gets a commission.

I plan to post a review sometime soon.

PHP Blogs

I just recently discovered Dynamically Typed, a blog by Harry Fuecks about PHP. It definitely seems worth adding to the list.

I also stumbled upon Ben Ramsey's Blog. Ben is one of the people working on PHPCommunity.org.

Microsoft Leak

Rich Bowen has an interesting perspective on the recent Windows code leak.

What I have found most interesting is how people consider this event to be such a major security threat. Of course, they're right, but this is a clear indication that everyone, including Microsoft, believes open source code to be of superior quality.

PHP Security Articles

The Truth about Sessions, the cover article I wrote for the inaugural issue of PHP Magazine (Digital Edition), is now freely available on my Web site at http://shiflett.org/articles/the-truth-about-sessions. I hope this provides a nice reference for session security in PHP as well as a good description of how session management works in general.

I'm also happy to announce Security Corner, my new monthly column on PHP security that debuted in the February edition of php|architect (released yesterday). The first column covers session fixation, a common session-based attack that previously lacked any good documentation or best practice recommendations for PHP developers. I hope to bring into focus an important topic each month, and I think Security Corner may prove to be a reference point for defending against many application-based attacks. Marco Tabini has graciously agreed to allow Security Corner articles to be made freely available from my Web site six months after publication. So, to get the latest Security Corner, you will need to subscribe to either the electronic or print edition.

Redesign and Writing

As with most Web developers, I never seem to have any time to spend on my own site. As a result of my boredom with the design of this site, I decided to completely redo it.

I've also been doing a lot of writing lately. I'm finally beginning to make real progress on my upcoming book, PHP Security. I also have a few other writing projects in the works that I will mention soon. If only I could find a way to write about technology for a living...

MySQL Licensing

It's been a week since he wrote this (I've been busy with PHPCommunity.org), but Theo has written a nice testimonial about the problems developers are facing with MySQL's licensing.

Zak has been hosting an open license review recently. Hopefully good things will happen as a result. I encourage everyone to voice any concerns you have; MySQL AB seems very willing to listen and to try to resolve and/or clarify any legitimate concerns.