Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How secure is PHP ?
From: Meder Kydyraliev <meder () o0o nu>
Date: Mon, 1 Nov 2004 22:29:04 +0800

You should check out 'study in scarlet' also, which points out some of the
common programming/configuration mistakes:

http://www.securereality.com.au/studyinscarlet.txt


Meder

On Mon, Nov 01, 2004 at 07:13:14PM +0530, Sandeep Sengupta wrote:
Hi Nayana,

1) All BUGS on PHP are listed here. So you can have good idea of the bug-stat.
http://bugs.php.net/bugstats.php

Total bug entries in system: 30352  
Closed: 17087   Open: 1267   Critical: 4   

-----

Some more resources ---

2) http://www.developer.com/lang/article.php/918141
On the Security of PHP, Part 1 - Jordan Dimov

3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
PHP Security Mistakes - Dave Clark

The security of the application depends mostly on 'how you code',
which I believe you already know. I hope the above links will be of
some help. Good luck :-)

Warm regards,
Sandeep.

-----Original Message-----
From: Nayana Somaratna [mailto:npsomaratna () gmail com]
Sent: Tue 02/11/2004 00:45
To:   full-disclosure () lists netsys com
Cc:   
Subject:      [Full-Disclosure] How secure is PHP ?
Hi everyone,

I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

While I am not a novice, I am defintely not an expert either -
expecially on security issues.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

P.S. The few hundred students mentioned above are IT students ;-)

Thanks,

- Nayana

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]