Full Disclosure: Re: How secure is PHP ?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: How secure is PHP ?

From: Meder Kydyraliev <meder () o0o nu>
Date: Mon, 1 Nov 2004 22:29:04 +0800

You should check out 'study in scarlet' also, which points out some of the
common programming/configuration mistakes:

http://www.securereality.com.au/studyinscarlet.txt


Meder

On Mon, Nov 01, 2004 at 07:13:14PM +0530, Sandeep Sengupta wrote:

Hi Nayana,

1) All BUGS on PHP are listed here. So you can have good idea of the bug-stat.
http://bugs.php.net/bugstats.php

Total bug entries in system: 30352  
Closed: 17087   Open: 1267   Critical: 4   

-----

Some more resources ---

2) http://www.developer.com/lang/article.php/918141
On the Security of PHP, Part 1 - Jordan Dimov

3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
PHP Security Mistakes - Dave Clark

The security of the application depends mostly on 'how you code',
which I believe you already know. I hope the above links will be of
some help. Good luck :-)

Warm regards,
Sandeep.

-----Original Message-----
From: Nayana Somaratna [mailto:npsomaratna () gmail com]
Sent: Tue 02/11/2004 00:45
To:   full-disclosure () lists netsys com
Cc:   
Subject:      [Full-Disclosure] How secure is PHP ?
Hi everyone,

I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

While I am not a novice, I am defintely not an expert either -
expecially on security issues.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

P.S. The few hundred students mentioned above are IT students ;-)

Thanks,

- Nayana

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: How secure is PHP ?, (continued)
- Re: How secure is PHP ? Morgan Reed (Nov 02)
- RE: How secure is PHP ? Sandeep Sengupta (Nov 01)
  - Re: How secure is PHP ? Meder Kydyraliev (Nov 01)
- Re: How secure is PHP ? J b (Nov 04)
  - Re: How secure is PHP ? VeNoMouS (Nov 04)
  - Re: How secure is PHP ? Matt (Nov 05)
    - Re: How secure is PHP ? Gary E. Miller (Nov 05)
    - Re: How secure is PHP ? Matt (Nov 05)