Hello,
I' m currently working with the PHPDOC team on maintaining and
keeping up-to-date the PHP manual. I proposed in the PHPDOC
list to include some information about database security issues.
It aims to be an introduction into the very basics of how to
access and manipulate databases within PHP scripts. (the SQL
injection was that started up this idea.)
If you have any spare time to write a short paragraph or expose
a commonly used bad practise which can be hacked easily or
knowing a sitepage that's worth reading it, please let me know!
I hope you may share your valuable knowledge about this topic,
because I'm not a security professional who has been around a
very lot (but not a newbie).
I' m about to gather as much information as possible to
formulate the startings.
As an ex member of this mailing list I expect your proposals,
but please note that the primary goal of this article will be
an overview about how to use _any database_ in a _web based_
application what to allow and what to resist, not specifically
PostgreSQL. However I'm happy to receive such information, too.
(I've personally never used anything else but postgres :))
If a reasonable amount of tips and hints were received related
to postgres, then a database specific section would be opened
in the PHP manual, too.
Best regards,
--
Gyozo Papp
- gerzson(at)php(dot)net PS please CC me your replies!