About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.

Teach a Man to Fish

A recent comment by Jeremy Chin (replying to my article The Truth about Sessions) likens my writing to teaching a man to fish:

Give a man a fish and he'll eat for a day. Teach a man how to fish and he'll eat for a lifetime. I definitely think your article belongs in the latter as you did a marvelous job of explaining the mechanics of how servers handle requests, and how security holes can be, and are, exploited.

I want to thank Jeremy for his kind words, and I also want to highlight the reasoning behind my writing style and why I am particularly happy to see someone make this analogy.

Web application security is a young and evolving discipline. There are very few "right answers" in this field, and many security professionals are hesitant to offer advice for fear of being misunderstood or wrong. If a safeguard is misapplied or offers insufficient protection, the author's reputation is at stake.

I enjoy my role in the community largely because I'm not too concerned with reputation. I believe that by genuinely trying to help people, a certain amount of forgiveness is afforded. However, I take my role very seriously, and I think it's important to offer sound advice, particularly regarding security. This is why my writing style is to explain a problem as thoroughly as possible before offering a solution. By explaining the reasoning behind a particular solution, I think readers can better understand and appreciate the protection it offers. In addition, there are many smart people in the PHP community, and the more people who understand a particular problem, the better the solution(s). (I'd love to see a really good non-SSL solution to session hijacking.)

This is why readers can comment on any of my articles. If you think you spot an error or want to share a particularly creative solution to the problem being discussed, just leave a comment. I read them all, and I plan to keep all of my articles updated.

About This Post

Teach a Man to Fish was posted on Tue, 11 Oct 2005 at 02:21:56 GMT.

0 Comments

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

ConFoo

10 - 12 Mar 2010

At Hilton Montréal Bonaventure, Montréal, Canada.

South by Southwest

12 - 16 Mar 2010

At Austin Convention Center, Austin, Texas.

Dutch PHP Conference

10 - 12 Jun 2010

At TBD, Amsterdam, Netherlands.

O'Reilly Open Source Convention

19 - 23 Jul 2010

At Oregon Convention Center, Portland, Oregon.

New Comments

Chris Shiflett wrote:

Glad it helped, Niall!

Posted in Git on Snow Leopard
Niall Kelly wrote:

Having tried other methods without success and looked through plenty of bloated documentation, th...

Posted in Git on Snow Leopard
liukang wrote:

I have problem with this example. In my php.ini magic_quotes_gpc is off so i'm using only addsla...

Posted in addslashes() Versus mysql_real_escape_string()
RyanTheGreat wrote:

Well, I'm not Chris, but I will do my best to address the questions raised in the comments by Ian...

Posted in Security Corner: Cross-Site Request Forgeries
Chris Shiflett wrote:

Thanks for the kind words, Simon. I'm glad you liked the tutorial. In case it's helpful, here'...

Posted in Webstock

Browse Comments

Work and Books

Analog Essential PHP Security HTTP Developer's Handbook