About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


Essential PHP Security Slashdotted

Thanks to everyone who wrote to let me know that Essential PHP Security was Slashdotted yesterday. Slashdot still amazes me. I think the book's Amazon.com Sales Rank is a testament to the power of Slashdot:

Here's a closer view:

The review is very complimentary, but I'd like to address one point:

In light of the author's expertise, one would presume that he would make every effort to write the definitive volume on PHP security - covering every conceivable topic, including: execution of system commands, verification of user IDs and authorization, email spamming via web forms, (the related topic of) exclusion of bots, and remote procedure calls.

I replied to this, stating:

I deliberately chose to focus this book on the 80%, and I'm happy that I did. PHP's reputation suffers because of security concerns, and I'm sure you'll see some of that expressed here. I want PHP developers who read this book to focus on what's most important, and the principles and practices that they learn along the way should prepare them to deal with more minor concerns.

Luke Welling comments:

I guess leaving your readers hungry for more of the same is a compliment of sorts.

Well put, Luke. Thanks. :-)

About This Post

Essential PHP Security Slashdotted was posted on Tue, 14 Feb 2006 at 17:34:23 GMT.

5 Comments

1. Nate Klaiber said:

I just stumbled upon this yesterday and will be ordering this book tonight. I have read the free chapters from the website, as well as other articles from you, Chris, and I think this is going to be a great resource for me and my development!

I also just ordered 2 Regular Expression books to add to my library, so I have to read those first :)

Thanks!

Nate

Tue, 14 Feb 2006 at 17:52:41 GMT


2. Dan Scott said:

When you say "Slashdotted", do you mean that the hordes of Slashdot readers brought down the book's Web site? That's generally how the term is used (has both good and bad connotations: good for the reflection of interest by the unwashed Slashdot masses, bad for the capability of the Web server / database backend to handle the onslaught of hits).

BTW, I happened to have moderator points yesterday and spent most of them on the comments related to the review. Congrats on the visibility!

Speaking of visibility, my book "Apache Derby: Off to the Races" was ranked #40,251 today. I guess that makes my book about 100* more popular than yours. What? Oh... damn.

Tue, 14 Feb 2006 at 18:58:26 GMT


3. Chris Shiflett said:

I hope you enjoy it, Nate. :-)

Dan, I guess I don't use the term correctly - I just meant that it was mentioned on Slashdot. Luckily, the server's doing fine, although there was quite a traffic spike.

I got a free copy of "Apache Derby: Off to the Races" at ApacheCon - it's a nice hardcover book, unlike the flimsy things the rest of us offer. I'm sure a good Slashdotting (errr, a mention on Slashdot) will boost the sales rank. :-)

Tue, 14 Feb 2006 at 19:06:48 GMT


4. Joe Lewis said:

Chris: I'm ready to see the follow-up: PHP Security, The Definitive Guide... ;-)

Tue, 14 Feb 2006 at 20:22:28 GMT


5. bryan said:

How about a "PHP Security, 'Nuff said" ?

Tue, 14 Feb 2006 at 21:52:57 GMT

