#1
TO ALL DEVSHED FORUM MEMBERS

If you think that a question is stupid or basic or ridiculous then DON'T look at it at all. You forget that this is a community forum; this means everyone is allowed to have their say and has a basic right not to be insulted just because they are not at the same level of experience as you. Scornful and nasty remarks only show how unprofessional and immature you are, not how experienced you are. DevShed Forums is an excellent source to pick up tips and various ways of doing things, not a place to be insulted, so let's try and keep it this way. All we (your average members / visitors) care about is getting the help or info we need, as soon as we can get it, without stupid and unprofessional remarks. I have noticed that I am not the only "person" who feels this way.

I thoroughly agree with the guidelines posted in the following: http://forums.devshed.com/announcement.php?s=&forumid=5

I recommend every user of DevShed visit the above link.

I would also like to point out that DevShed is not the only site where you can get help. I recommend searching through the wealth of resources on the net such as:
http://www.webmonkey.com/
http://www.phpbuilder.com/
http://www.internet.com/
http://www.phpgeek.com/
http://www.webdeveloper.com/

Now with my 2 cents out of the way, I would like to say thank you to anyone who has ever helped me... THANK YOU

I also highly recommend everyone visit the following for a list of vulnerabilities in PHP: http://www.securereality.com.au/studyinscarlet.txt
__________________
deepspring - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"

Last edited by deepspring: October 28th, 2001 at 09:42 PM.
#2
I think the title of this document is misplaced. It should not be "Exploiting Common Vulnerabilities in PHP Applications", since none of the things he mentions is PHP's fault. It should rather be called "The dangers of making mistakes when programming PHP". Anyone with a good sense about the workings of PHP can program pretty secure PHP applications, imho. I'm not bashing the article here, I just don't want documents like that to give PHP a bad name, personally.
#3
I've read that paper quite a long time ago, and frankly it is not all that good. Most of it is common sense, and I don't know why so many people consider it a good source.
__________________
And you know I mean that.
#4
Maybe because of the fact that it is common sense. Most problems in this line of work are usually simple and can be corrected with a little brainwork.
__________________
-- Tomi Kaistila -- Developer's Journal
The more you learn, the more you know. The more you know, the more you forget. The more you forget, the less you know.
#5
There is an age old saying, something along the lines of 'You can't teach common sense'. I forget it all, but well, I'm only 21 and some of the people I have met in my life... well, reading a paper just won't help people learn common sense; you either have it or you don't. Just my 2 cents.
__________________
--------------------- -- SilkySmooth -- ---------------------
Directory Share | Free phpLD Mods | Little Directory
#6
I didn't write that paper, I just found it... The contents in it may be common sense to the advanced PHP users, but DevShed and a lot of the other people who provide tutorials on PHP do not contain or practice any of the security fixes for the issues discussed in that paper.

I learned PHP/MySQL through tutorials posted on DevShed, phpbuilder, webmonkey and examples of other people's code posted in these forums. Not once have I found a single tutorial on the security issues relating to PHP, and it was only during the last couple of months that it has been posted in these forums. PHP is a very good language, but more needs to be done in tutorials about warning new users of the potential security vulnerabilities in PHP, before they find out that the programs they have written have allowed crackers access to sensitive data or allowed them to use their host as a third-party D.o.S attack station.

If you think what I am doing is a little over the top, well that's your opinion and it is noted, but just remember three things.
1. It's OUR code that WE post to help people in the forums and it is quite often that they will use OUR code in some chopped up form.
2. People who do read and learn from tutorials use the code examples in these tutorials in REAL applications...
3. You want people to learn this great language properly, then start discussing these issues and doing tutorials on them.

I just thought I might add another 2 cents to the discussion.

God Bless
Scott

Last edited by deepspring: November 2nd, 2001 at 09:02 PM.
#7
Why do people take everything so personally lately?
#8
No idea mate, obviously constructive criticism is no longer allowed.
#9
I didn't take it personally... if it sounded that way, then I am sorry and I will try to watch the way I type things in future.

I get a little irate when people automatically assume people who are new to PHP know the security risks involved in using PHP in commercial sites. It's just the same as not everyone knowing how to use and configure Linux or Unix as a secure server. PHP is a great language and I really enjoy using it, but I also believe that more needs to be done to educate future and current learners/users of the language about its holes and flaws. If PHP users really want it to be a serious competitor in the commercial market, then they are going to have to start looking at these issues. That's probably why PHP is nowhere near as popular as ASP, ColdFusion or JSP on commercial sites or intranets (I assume, because of the number of job vacancies in these languages compared with the PHP ones).

So... forgive me... ???

Scott

Last edited by deepspring: November 3rd, 2001 at 07:07 PM.
#10
> Its just the same as not everyone has a degree computer science or a trade qualification.

I don't.

> PHP is a great language and I enjoy using it, but I also believe that more needs to be done to educate future and current learners/users of the language about its holes and flaws.

Holes are not in the languages. What we call 'holes' is NOTHING but a product of a creative mind, so how are you going to educate users' creativity?

> If PHP users really want it to be a serious competitor in the commercial market

They do have their nice spot already, check statistics.

> Thats probably why PHP is no where near as popular ASP, ColdFusion or JSP on commercial sites or intranets

ASP promoted by Microsoft, JSP by Sun, PHP by... by... hmm... Rasmus? How many people know him (compared to Microsoft and Sun)? About zero? I don't know why in the world you mentioned CF, because in my mind it is a parody of a language. And where's C?

> I assume because of the number of job vacancies in these languages compared with the PHP ones

PHP has been around for what, 5-6 years? Bottom line: PHP is doing just great for its position.
#11
> I don't

Neither do I, but then I realised not many do... so I changed it...

> holes are not in the languages. What we call 'holes' is NOTHING but a product of creative mind, so how are you going to educate users creativity?

So what, it still helps to actually discuss it... after all, how are they going to know that if we don't warn them or show them how to do things better... Creativity begets creativity.

> they do have thier nice spot already, check statistics

Ever heard of "statistics and other damn lies"... You might find it at Amazon.com if you don't mind other people using your credit card.

> ASP promoted by microsoft, jsp by sun, php by...by....hmm...Rasmus? How many people know him (compare to microsoft and sun)? about zero? I don't know why in the world you mentioned cf, because in my mind it is a parody on a language. And where's c?

So what's stopping PHP?? Lack of vision and support?? Do you understand the new internet laws relating to e-commerce?? Well, neither does your average new PHP user, who will probably run through two tutorials, make one or two posts on this and then put a very insecure site online. MS and Sun both incorporate security as a main module in the foundation learning material... CF may be a parody, but it is still widely used on intranets and e-commerce sites... and is pretty easy to learn, once you find a good book (which usually incorporates security as a main module).

"Gee Brain, what are we going to do tonight? Same thing we do every other night... TRY AND TAKE OVER THE WORLD!" Sorry, couldn't help myself... Pinky and the Brain are legends... they remind me of geeks trying to topple MS.

I haven't really come across many C based sites... except for http://www.ht.com.au

> PHP has been around for what, 5-6 years?

Yikes, is that all... kind of the same amount of time as JSP... no?

My Job Sources:
http://www.seek.com.au/
http://www.monster.com.au/
http://itjobs.mycareer.com.au/

With that said, and on a different note, I highly recommend that new movie (new in AU... it just came out on DVD) "Anti-Trust"...

God Bless
Scott
#12
Aight, deepspring, let's stop fighting over what's more popular and why, shall we? I agree on most of your points, and that is what we need.

I saw Antitrust about a month ago (or maybe more), quite nice... has anyone noticed the bad dude looks much like Gates?
#13
LOL.... yes, it's uncanny, ain't it.

They even mention his name in the movie I think... He also looks like the "Norton" guy on the "Norton SystemWorks" box... I loved how they actually used SGI Linux this time instead of what they normally do in techo movies... Sorry... I will stop arguing now...

Last edited by deepspring: November 3rd, 2001 at 08:07 PM.
#14
I am no *nix guru, so... you remember when the guy got inside and started looking into files (in some child care room or something), so he was typing something - was it making any sense (his typing)?