--- Shaun <[EMAIL PROTECTED]> wrote:
> However, due to the nature of the site I need to make sure it is 110%
> secure against hacks etc. Now I know this isn't actually possible
That's a very good thing to realize. Security is a measurement, sort of
like temperature, so saying something is 100% secure is like saying
something is 100% hot. It can always be hotter. :-)
> I would appreciate any advice on how I can get it as secure as possible,
> I have no experience on this aspect of web development.
Peer code reviews are good and cheap. It all comes down to how much you're
willing to spend on security. Professional code reviews are also good, but
they can be extremely expensive. Another good idea is to educate yourself,
since you probably know your own code the best. There is a lot of great
information that has been posted on this list. Just search for security in
the archives.
There is also a book being written on the topic I hear. :-) But, none
exist yet. Oh, the OWASP guide has a little bit of information on PHP.
I've read it, and it's pretty good advice (I disgree about some of their
coding standards, but that's not too important).
Hope that helps.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
