From c3f9fa711a5dd123e39bae0e35a2f5e8059d3708 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Mon, 29 Oct 2012 13:02:58 +0100
Subject: [PATCH] added security page

---
 developer_manual/index.rst    |  1 +
 developer_manual/security.rst | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 developer_manual/security.rst

diff --git a/developer_manual/index.rst b/developer_manual/index.rst
index a4d9196b5..de5719923 100644
--- a/developer_manual/index.rst
+++ b/developer_manual/index.rst
@@ -14,6 +14,7 @@ Contents
    configfile
    templates
    unittests
+   security
 
 
 
diff --git a/developer_manual/security.rst b/developer_manual/security.rst
new file mode 100644
index 000000000..5dc249c85
--- /dev/null
+++ b/developer_manual/security.rst
@@ -0,0 +1,17 @@
+Security
+========
+
+Blacklisted PHP functionality
+-----------------------------
+**echo, print(), <?=**
+ Use $this->p in templates instead
+**error_log** 
+ Use throw new Exception("Description") instead
+**==** 
+ Use === instead
+**!=** 
+ Use !== instead
+**rand(), srand(), mt_rand()**
+ Use openssl_random_pseudo_bytes() instead
+
+TBD