Slides for the PHP Security talk at PHP|Works are now up. You can download them in either PowerPoint or PDF form.
More to come shortly :-)
lchash is a little PHP extension that you can find at http://pecl.php.net/package/lchash, which provides a means of accessing and using the native hash tables found in libc. The interface is really simple, involving just 4 functions:
lchash_create() - initialize a new hash table
lchash_destroy() - destroy a hash table
lchash_insert() - insert key/value pair into the hash
lchash_find() - retrieve a value based on key
By using this mechanism you can create a very fast and efficient memory-based data store for a script's duration.
About five months ago, during yet another flood of phpBB2 exploits, Marco Tabini approached me with an idea of writing a security book for PHP. The idea was to provide a guide for people who want to make their applications safer as well as help them understand the possible consequences of various exploits. I thought the idea was quite appealing and, feeling a bit confident after fairly extensive article authorship, decided to take up the task.
And so, for the next several months I was focused on effectively doing a brain dump of my knowledge on security. The process was extremely educational, since to explain any concept a far greater knowledge than the one needed to simply apply a fix is required, plus writing a book, as I have learned, is just “a tad” :-) more complex than an article. But with the help of Marco, my technical reviewer and Martin Streicher, who has done a tremendous job at cleaning up my ranting, I think we've got an excellent PHP security resource. The book itself is 201 pages, a bit longer t...