I've been working on this pet project of mine for some time now, slowly chipping away at it. I'm currently customizing a popular CMS by "sanitizing" some of the code and modding some of its core components. It's ready to roll; however, I'm not usually satisfied with my work unless I can validate it against the published works of well-known authors in their field.
I've been reading a few books and consulting the official online forums. However, I wasn't really satisfied until I ran into two very specific books. The first I won't really feature here ("Beginning PHP and PostgreSQL 8: From Novice to Professional"). The second book I've been digging into is "PHP 5 Power Programming".
I'm finding it very useful and easy to apply with very few changes to my current code. Mostly, I'm finding the security-rich features in it quite satiating. (Yes. I know. I could've just said satisfying or filling my hunger.)
One particular reference I found very insightful is on the topic of users (malicious or otherwise) inserting malicious script into forms, or injecting data right into your database. Also mentioned was a common rookie mistake: allowing cross-site script access (or API access) from your own site. Although this book was written a couple of years ago, it still very much applies today. For those of us who have been following the online trends and threats, we know through Mashable that Reddit was attacked in this very fashion: cross-site scripting.
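The two form-handling mistakes the post refers to, written up as an added PHP example. This is my own illustration, not code from the book, from the post, or from the CMS being customized; it assumes PDO with the SQLite driver is available, and the table and inputs are constructed for the demo.

```php
<?php
// Added example (not from the book or the post): each common mistake is shown
// next to its fixed version.

// --- Output encoding (cross-site scripting) ---

// Vulnerable: whatever a user typed into the form is written straight into the page,
// so a value containing <script> or an attribute-breaking quote runs in other users'
// browsers as markup instead of showing up as text.
function render_comment_unsafe($comment)
{
    return '<p class="comment">' . $comment . '</p>';
}

// Fixed: encode on output for the HTML context. ENT_QUOTES also encodes single quotes,
// which matters when the value lands inside an attribute; the charset is stated explicitly.
function render_comment_safe($comment)
{
    return '<p class="comment">' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
}

// --- Database access (SQL injection) ---

// Vulnerable: the query is built by string concatenation, so any quote in the input
// becomes part of the SQL. A perfectly legitimate name like o'brien breaks the query,
// and a crafted value changes what the query does.
function find_user_unsafe(PDO $db, $username)
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fixed: a prepared statement keeps the query text constant; the value travels as a
// bound parameter and is never parsed as SQL, so quotes in it are just data.
function find_user_safe(PDO $db, $username)
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute(array(':username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('o''brien')");

$formInput = '<script>alert(1)</script>';     // constructed form submission
echo render_comment_safe($formInput), PHP_EOL; // the tag is rendered as visible text

var_dump(find_user_safe($db, 'alice'));        // one row
var_dump(find_user_safe($db, "o'brien"));      // one row: the apostrophe is handled as data
// find_user_unsafe($db, "o'brien") would throw a PDOException here: the quote ends the
// string literal early, which is exactly the opening an injected value relies on.
```

Two points worth keeping in mind when applying this to a CMS: escape at the moment of output, for the context the value lands in (HTML body, attribute, URL), rather than "cleaning" the value once on the way in; and treat every query that concatenates a variable as a bug, even when the variable looks harmless today.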
Of course I did RT (retweet) Mashable on this, and left a comment on their page as well regarding proper "sanitizing" of web applications.
I'm trying to keep it short. Read this book if you are a coder, even if you are a proficient or advanced coder. Obviously Reddit's admins could have used a refresher course.
You can download a free digital (.pdf) version of this book at http://www.computer-books.us/php_2.php
You can purchase a soft cover copy at Amazon.com: http://bit.ly/3mfyf5 (PHP 5 Power Programming, paperback, price: $37.23)
For now, this is Jerry Z. going back to my reading and coding.
For those of you on Twitter, you can always follow my tweets and look for my latest.