Thanks to everyone who wrote to let me know that Essential PHP Security was Slashdotted yesterday. Slashdot still amazes me. I think the book's Amazon.com Sales Rank is a testament to the power of Slashdot:
Here's a closer view:
The review is very complimentary, but I'd like to address one point:
In light of the author's expertise, one would presume that he would make every effort to write the definitive volume on PHP security - covering every conceivable topic, including: execution of system commands, verification of user IDs and authorization, email spamming via web forms, (the related topic of) exclusion of bots, and remote procedure calls.
I replied to this, stating:
I deliberately chose to focus this book on the 80%, and I'm happy that I did. PHP's reputation suffers because of security concerns, and I'm sure you'll see some of that expressed here. I want PHP developers who read this book to focus on what's most important, and the principles and practices that they learn along the way should prepare them to deal with more minor concerns.
Luke Welling comments:
I guess leaving your readers hungry for more of the same is a compliment of sorts.
Well put, Luke. Thanks. :-)