

PHP Security, tripwire, Linux Upgrade Woes, and Samba

by chromatic
Linux Newsletter for 03/24/2003

Hello again, welcome to the Linux newsletter. Spring is finally here (in the northern hemisphere), so in between cleaning out that crufty home directory and figuring out a way to get a fifth season of Farscape, take a break to read this past week's new ONLamp articles.

Our Linux in the Enterprise columnist, David HM Spector, starts with a serious question. Why is it so hard to upgrade the base operating system while leaving userland alone on a Linux box? This is important for a business setting, where installing fresher vendor packages can change application behavior dramatically. Is there a better way? Read more in It's a Cycle of Life Thing: Managing Linux Releases.

The nice thing about PHP is that it's so easy to make a nice, dynamic site. Unfortunately, as with any other language, security's often a trade-off between ease and paranoia. Clancy Malcolm, a new contributor, explains five things to keep in mind as you're writing PHP applications, in the first of two articles. Read more in Ten Security Checks for PHP Code, Part 1.

Having explained file-integrity checking in the last FreeBSD Basics column, Dru Lavigne turns her attention to tripwire, an excellent and free IDS. Learn just enough to be sufficiently paranoid in Checking System Integrity with Tripwire.

To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).

To change your newsletter subscription options, please visit and click the "Manage My Newsletters" link. For assistance, send email to

Two Samba articles graced our pages this week. In the first, Jason Deraleau explains how to configure it on a Macintosh running Mac OS 10.2. Read more in Windows Sharing for the Mac. Heterogeneous goodness! Also, Name Resolution and Browsing in Samba, Part 2, an excerpt from "Using Samba, 2nd Edition," explains how to add a Samba server to a Windows network. (It won't whiten your teeth or thicken your hair, but it may make you sleep easier at night.)

That'll do it for this week. Remember, same time and place next week to hear more about GD with PHP 4.3 and what the Bishop Brothers learned while writing Egoboo.

Until then,

Technical Editor
O'Reilly Network and Linux DevCenter

Top Five Articles Last Week

  1. It's a Cycle of Life Thing: Managing Linux Releases
    Linux distributions have grown in complexity and completeness over the past few years--and that's a good thing. Shipping a comprehensive list of utilities is a selling point for a distribution. Of course, this bundling can come at the price of upgrade ease. David HM Spector explores an old idea for improving enterprise Linux adoption by separating applications from the core OS.

  2. Ten Security Checks for PHP, Part 1
    The same global access that makes web apps useful means that you have to keep on top of security. Though it's easy to create sites in PHP, it's not immune to sloppy coding. Clancy Malcolm explains how to recognize and fix five potential security holes with PHP in the first of two articles.

  3. Egoboo: The Cute Way to Dungeon Role Play
    Dungeon crawls are as popular among the computer RPG crowd as first person shooters are among the action crowd. In the open source world, Egoboo is perhaps the cutest and most accessible RPG. Howard Wen examines the project, its history, and its future.

  4. Hackers Meet Soldiers
    OpenBSD has a well-deserved reputation for fanatical security. Why is the U.S. military funding it? What do you get out of it? Cameron Laird and George Peter Staplin investigate.

  5. Working with Forms in PHP, Part 1
    PHP is handy for templating and displaying dynamic data, but you're missing its full power until you handle user data. John Coggeshall explains how PHP 4.3 handles form submissions securely and sanely.
