And thus the second day of ApacheCon is over. It’s been a great conference so far, and I’ve learned quite a bit. My favorite talk thus far was the one on Web App Security by Christian Wenz. He’s one of Chris Shiflett’s buddies (who I also had a chance to meet this morning after the talk) over at PHPSec. I already knew what sorts of things went into breaking into sites, XSS, etc., but what I saw today was quite jaw-dropping in how easy it really is to do all these things. I suppose what’s been a great benefit to PHP will also be the downfall for many sites out there whose programmers haven’t been careful enough to check for tainted input.
Here’s a good start for those of you interested in more PHP security: http://www.phpsec.org/
Thanks to German, the DFL story is getting around a bit. A lot of people really don’t know what to think when they hear about it, and understandably so. Then again, we’re also among the very few who belong to academic/non-profit organizations (FOSS aside). In essence, it’s an odd data processing web app built with Java and PHP. It’s a pretty original idea, and there have been very few, if any, projects to come before us doing similar things (none quite to this extent).