Justin French wrote: > This list really does work best (ie best results for you) if you come to us > with a specific problem, rather than something general.
I totally agree. Sorry to have asked such a wide question but in this case it is a bit of a chicken-or-the-egg situation. To make your scripts secure you need to make sure they no insecure programming practices. But how do you find out what insecure programming practices are? You only find out after someone exploits it. If I knew that someone can use a PHP session to somehow run malicious scripts on my server than I would do a search on Google for "PHP session security advisory" or something like that and find out how to secure my scripts against this. But I'd have to know in the first place that such a security problem exists with sessions. I guess what I am looking for is a kind of "best practices for security" list for PHP programming. Do's and Don't, or a list of common pitfalls and how to avoid them. Can anyone point me to such a list or tutorial? Jc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php