Essential PHP Security
By Chris Shiflett
O'Reilly
Review by Roger Walker

I am not a PHP programmer, but I figured the book would be useful for me as an administrator, for security reasons. After having a server hacked due to a client running an unvetted downloaded PHP script, I've been a bit paranoid about giving anyone else PHP access. However, after finding various PHP security information over the Internet, I've loosened such capability slightly on an "as required" basis. This book, however, has shown me that there are still a few areas that I need to pay attention to.

The book is relatively short (about 100 pages) but very concise. The author starts with a quick review of PHP features, and security principles and practices as they apply to PHP. The chapters are organized around various categories of PHP that need attention, such as Forms/URLs, Databases, Sessions/Cookies, the php.ini file, and many more. One thing I would suggest has been omitted, but maybe shouldn't have been, is how to set up php.ini configurations in webserver configurations (i.e. vhosts files), to localize them.

The book is undoubtedly intended for PHP programmers. At this time, I have no intentions of taking up the sport. However, as a site administrator, I find the book very useful for the security of the site as a whole, and it allows me to constrain those who might endanger the site, and otherwise to vet clients' code. Though the book contains more information than I had found before, since I'm not very familiar with PHP, I can't judge how complete the information is.

Recommended.