--- Shaun <[EMAIL PROTECTED]> wrote: > However, due to the nature of the site I need to make sure it is 110% > secure against hacks etc. Now I know this isn't actually possible
That's a very good thing to realize. Security is a measurement, sort of like temperature, so saying something is 100% secure is like saying something is 100% hot. It can always be hotter. :-) > I would appreciate any advice on how I can get it as secure as possible, > I have no experience on this aspect of web development. Peer code reviews are good and cheap. It all comes down to how much you're willing to spend on security. Professional code reviews are also good, but they can be extremely expensive. Another good idea is to educate yourself, since you probably know your own code the best. There is a lot of great information that has been posted on this list. Just search for security in the archives. There is also a book being written on the topic I hear. :-) But, none exist yet. Oh, the OWASP guide has a little bit of information on PHP. I've read it, and it's pretty good advice (I disgree about some of their coding standards, but that's not too important). Hope that helps. Chris ===== My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php