[nycphp-talk] more crappy programs: security focus 230 - 232

Jeff Siegel jsiegel1 at optonline.net
Sun Jan 25 21:12:53 EST 2004


> I'd like to volunteer to be involved with ongoing security issues from a
> distance, like testing code, or contributing to short (PHundamentals?)
> articles.

We *definitely* need some security-related articles for PHundamentals.
If you (or anyone else) needed a "jumping off" point...Mike Southwell is 
wrapping up an article on php.ini so, I would think, a brief discussion 
of register globals may be a good topic for a short article.

Jeff Siegel

John Lacey wrote:
> 
> 
> Hans Zaunere wrote:
> 
>>> Chris Shiflett wrote:
>>>
>>>
>>>> It doesn't take too terribly long to verify the validity, or lack
>>>> thereof, of what is mentioned on Security Focus relating to PHP. Maybe
>>>> NYPHP could host a Snopes-like site for this type of thing. :-)
>>
>>
>>
>> Very good thoughts.
>>
>>
>>> From: John Lacey
>>>
>>> I was thinking that it would be a really cool and helpful project for 
>>> interested NYPHP members to set up what amounts to a 'honeypot' -- 
>>> with a different twist -- for 
>>> proving/testing/evaluating/hacking/messing-with/bashing an AMP 
>>> platform/apps./utilities/whatever.
>>
>>
>>
>> Ditto here, too.  We have the horsepower to dedicate a server for 
>> this.  Also, we need to get our CMS solidified, at which point it'll 
>> be a snap for people to get content (from both aforementioned topics) 
>> online ASAP.  We'll need someone to head these efforts up...?
>>
> 
> Hi Hans,
> 
> I'd like to volunteer to be involved with ongoing security issues from a 
> distance, like testing code, or contributing to short (PHundamentals?) 
> articles.  But we need at least one local NYPHP member with more than a 
> smattering of
> knowledge and experience in this area (and that's not me at the 
> moment).  Since my main interest is in teaching people who are newcomers 
> to AMP and other OSS stuff, it is critically important they start off 
> with good coding techniques (I teach PEAR Coding Standards) and 
> especially the security concerns and repercussions of what they're 
> doing.  It's easy to say "Never trust user input", but that doesn't mean 
> a whole hell of a lot unless you show people the HOW of it and they code 
> it up for themselves.
> 
> ... steps off learning soap box...
> 
> I think NYPHP could provide an extremely valuable service to the AMP 
> community at large with an ongoing security focus on both basic and 
> advanced best practices.  In that regard, I'm looking forward to Chris' 
> Security book.
> 
> Let me know how I can help.
> thanks,
> John
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 

-- 
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"



