Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How secure is PHP ?
From: ph0enix <ph0enix () layertwo net>
Date: Mon, 01 Nov 2004 14:17:26 +0100

Hi Nayana,

no, you don't need a security expert to secure your php scripts. But you also don't need to be a security expert to exploit php issues... =)

Have a look at this:

http://www.hardened-php.net/

HTH

Nayana Somaratna wrote:
Hi everyone,

I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

While I am not a novice, I am defintely not an expert either -
expecially on security issues.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

P.S. The few hundred students mentioned above are IT students ;-)

Thanks,

- Nayana

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]