Chris Shiflett has posted about the release of the latest issue from php|architect - March 2006 - and some of the security-related content inside.
Another edition of php|architect has been published. I was especially excited to read this one, because it's Ilia's first month writing Security Corner. It's nice to see a topic explained from a different point of view, and there is still too little interest in security within the PHP community. (In other words, this is a rare opportunity.)
He discusses cross-site request forgeries, an attack first mentioned in php|architect back in 2003. Sadly, it remains one of the most dangerous, yet relatively unknown attacks. It deserves more attention.
Chris goes into more detail about the issue, noting some of the differences of opinion that he and Ilia seem to have about the finer points. There's also a pertinent secret shared about Chris' comment forms - check the post to see what it is.