PHP Security Forum

If you're interested in PHP security, you might be interested in the PHP Security Forum being hosted by the PHP Developer's Network.

I've already spotted a few topics that look interesting to me:

I've been contributing to the SitePoint Forums lately. Although they don't have a forum dedicated specifically to PHP security, the topic comes up frequently on the PHP and PHP Application Design forums.

PHP Security Makes OSCON Top Ten

I am surprised and delighted to discover that PHP Security is one of the Top Ten OSCON Tutorials. I am a bit disappointed to see that it is the only PHP tutorial to make the list. Perl and Ruby have two each.

If you haven't registered yet, be sure to sign up for these other great PHP tutorials:

Laura Thomson Has a Blog

Laura Thomson, whom PHP folks might know as the coauthor (with husband Luke) of PHP and MySQL Web Development, finally has a blog (and a feed).

Laura will be at the O'Reilly Open Source Convention giving a tutorial about PHP and MySQL Best Practices. If you register by June 20 (this Monday), you can save $400.

PHP Security Audit HOWTO

I had a nice time in Vancouver, although my visit was very short. This conference only had one track, and this approach has some advantages. For example, the speakers are able to reference material from earlier talks and be reasonably assured that most people in the audience are able to follow. The main disadvantage is the lack of choice and variety, but this was alleviated somewhat by the fact that the entire conference was on such a specific topic.

My talk, the PHP Security Audit HOWTO was one of my most popular yet - I have received more positive feedback from this talk than any talk I've given to date. I think the widespread satisfaction is the result of two things - the conference was based entirely upon a topic that is my particular area of expertise, and my talk was more pragmatic than usual (I tend to recite a lot of theory when discussing security). As a result, I plan to make my talks a bit more practical and relax the theoretical purity. The perfect balance of theory and practicality is hard to find, but I'll start searching for it. :-)

The slides of my talk are currently available on Brain Bulb's web site:

I got to hang out with Bruce Perens quite a bit. Although we talked about a number of different things, software patents are clearly the major topic on his mind these days. He has written a good article called The Problem of Software Patents in Standards. It's worth reading.

PHP Security in Vancouver

I'm off to Vancouver to speak at PHP West. This entire conference is about PHP security, which is both surprising and encouraging. Security seems to be getting more and more attention within the PHP community, and even if I have very little to do with that, it's nice to see. PHP's poor reputation regarding security is undeserved, and while this is obvious to most people in the community, it is less obvious to those on the outside.

I'll be giving a talk called the PHP Security Audit HOWTO. Although Brain Bulb offers professional PHP security audits, this talk will focus on how to effectively leverage peer reviews. Professional security audits are expensive, and peer reviews are a frequently overlooked alternative. A good audit takes a lot of time, but you probably have coworkers who spend half their time reading Slashdot anyway. Put those lazy bastards to work! :-)

Bruce Perens is also giving a talk, so perhaps I'll get to meet him. PHP folks might know him as the name behind the Bruce Perens Open Source Series, the series that brought us PHP 5 Power Programming (by Andi, Derick, and Stig). (This book is now freely available in PDF format.)

I'll be sure to post my slides when I return.

Happy Birthday, PHP!

Ten years ago today, Rasmus announced Personal Home Page Tools (PHP Tools) version 1.0. Today, numerous people contribute to PHP and to the nurturing of its community, but the project has never lost sight of Rasmus's original goal of solving the web problem. The popularity of the language is the best testament to its success.

My passion for the web dates back to 1994 when I started playing with HTML and HTTP, and I soon began developing CGIs in C. The process was tedious, but it was the easiest way for me to create a GUI application. By simply generating some HTML, I could have an application that looked nice and pretty.

I then discovered Perl, PHP, and ColdFusion (in that order), and PHP became my favorite. Due to market demand in the late 90s, however, I took a job writing ColdFusion (and C) after getting my degree. Three years later, I became a freelance PHP consultant, and I've been making a living with PHP ever since, most recently with the PHP consultancy that I started earlier this year.

So, thanks to Rasmus for getting things started, to Zeev and Andi for their early contributions, and to everyone else who continues to contribute to PHP - whether it's by contributing directly to the language, answering questions on mailing lists, or just writing interesting applications in PHP - you are what makes PHP what it is today. Thank you.

Other thoughts are being tracked here on del.icio.us.