The talk provided a good overview of some security basics, but was targeted at the beginner PHP developer. There were a couple critical oversights and mistakes, most obviously being the statement that MD5 is the industry standard password hashing algorithm. There was no mention of the serious flaws with MD5 and the ease with which collisions can be found. There was only a passing mention of salt and no discussion of user versus general salts. There was no mention of the TRUE industry standards of sha256+ or bcrypt. The information that WAS provided is misleading at best and breathtakingly dangerous at worst.
I think that the talk was good - the amount of time limited how much detail could be described. But the overview was good, pointers to detailed tutorial were provided.
It looks like a very powerful system, I'll put it on my list of things to try.
Really impressed with both the speaker and the content!
After seeing Tony's presentation I will consider using TYPO3 in the future. I would have liked an overview at the beginning so I could understand the process of setting up the site.
Great job
Typical great Sheeri presentation
There were some serious flaws with the talk, namely the fact that he claimed that md5 was an acceptable algorithm for hashing passwords, and mentioned salting them almost as an afterthought.
Funny and good pace but time constraints cut details off, plus had expected a more in-depth talk - types of strategy vs have a strategy