Hi guys, I've been looking into PHP security for over a month. After all the posts, tutorials, comments, replies to comments, making fun of comments, and then some more comments, I'm left pulling out my hair. While I admit I have really thick hair, at this rate I'll be bald in no time.
It seems that there is NO GOOD GUIDE to security, plain and simple! All you find is bits and pieces that contradict each other most of the time and are very hard to put together, especially for aspiring developers.
In an effort to end this once and for all, I propose a community project, where we start a moderately complex site, and go through it bit by bit discussing how / best methods to secure and optimize it, that way once it is done:
- It can be examined by people to see how to secure a common application,
- Can be easily modified and updated as needed to cope with new security and
- PROVIDE A GOOD GUIDE ON PHP SECURITY.
If anyone has a better idea, I am open to suggestions. The alternative would be to actually create a comprehensive but understandable guide which takes you from a-z of security (as best as we can, of course).
Sorry for the ranting, but I'm sure many, many people would appreciate the effort.