Rochak Chauhan has come up with a list of ten things, some security problems that could be lurking in your applications waiting to pop up at the worst time. Here's his list:

• Unvalidated Parameters
• Broken Access Control
• Broken Account and Session Management
• Cross-Site Scripting (XSS) Flaws
• Buffer Overflows
• Command Injection Flaws
• Error Handling Problems
• Insecure Use of Cryptography
• Remote Administration Flaws
• Web and Application Server Misconfiguration

Each item on the list has a bit of detail (and sometimes some code) to help point out the problem. Some of them even have references to external sources and packages to help you solve the problems.

Pierre-Alain Joye has a little reminder posted to his blog today about two posts from planet-debian and Apache that refer to clones/references in PHP4 and PHP5 and some of the misconceptions presented there.

Reading planet-debian and Apache (from Sven and David), I catched two posts about clones and references in php4 and php5. I do not think it is worth to explain again everything here as Sara wrote a very good post already, check it out here.

He mentions his annoyance with articles/posts like these and the impact that it has on PHP as well as the person posting.

I wonder when the OS community in general will be mature enough to stop bitching at each other. And that's valid for PHP developers, gnome-kde and other well established wars.

Nefarious Designs has posted part two of their look at the object-oriented functionality, this time, there's a focus on the relationships objects and their friends have.

Following on from my posts "Object-Oriented Concepts" and "Object-Oriented Javascript", I'm going to take a look at OOP in PHP.

In "Part 1: Definition" we took a look at defining objects and classes in PHP. In part 2 I'm going to look at the most important part of any object-oriented system - the relationships.

They look at inheritance, association, aggregation, and references. Code examples are sprinkled liberally to help illustrate the points.

Chris Shiflett has posted his brief recap of his experience at the php|tek conference this year, including links to two helpful references - the page of slides provided by php|architect and a Cluesheet of tons of info from the conference.

There's also a comment made about the Call for Papers for php|architect's next conference later in the year.

Well, Davey Shafik started it with this post on his blog, and Firman Wandayandi (of DotGeek) continues it - a listing of "references on their desktop" - books/magazines/etc that are around them at all times for their reference.

From Davey:

Mine are:

• Sams Teach Yourself MySQL in 10 Minutes
• JavaScript: The Definitive Guide
• Essential PHP Security
• XSLT
• PHP|Architect's Guide to PHP Design Patterns
• The latest issue of php|architect

And Firman's:

• Wrox Professional CSS Cascading Style Sheets for Web Design
• Design Patterns: Elements of Reusable Object-Oriented Software (Addison-Wesley Professional Computing Series)
• Manning Ajax in Action
• PHP|Architect issues
• PHP Manual
• PEAR Manual

What kind of reference materials do you use? What books are on your desk that never seem to collect dust because is seems like they're always in use? Do you have one of the giant PHP posters on your wall that SitePoint was offering? Post your comments below!