mailing list archives
Re: PHP Security Risk?
From: Greg Donald <destiney () gmail com>
Date: Fri, 3 Dec 2004 16:17:34 -0600
On Fri, 3 Dec 2004 15:48:32 +0100 (CET), John GALLET
<john.gallet () wanadoo fr> wrote:
The real danger is that this security part is left te be handled by the
*programmer* not the sysadmin.
Wrong. Sysadmins have full control over the httpd.conf and the
php.ini files. Any functions, classes, file extensions, execution
access, etc., that he/she feels unsafe may be disabled quite easily.
Web server security involving PHP is certainly not 'left to be
handled' only by the programmer. The sysadmin has many facilities to
ensure a secure environment exists.
Zend Certified Engineer