Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How secure is PHP ?
From: "Gary E. Miller" <gem () rellim com>
Date: Mon, 1 Nov 2004 11:05:15 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Nayana!

On Mon, 1 Nov 2004, Nayana Somaratna wrote:

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

Saying PHP in insecure is like saying C is insecure.  Until their is
a programmer involved, writing bad code, there is no problem.  Just like
C if the programmer carefully validates and contrains ALL input then
the program is not only secure but robust.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

PHP has very good write ups on security in the online doc.  Here is the
chapter:

        http://www.php.net/manual/en/security.php

If you can read, understand and FOLLOW those recomendatins then you are OK.
If not, then get the assistance of an "expert" that does.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBhoju8KZibdeR3qURAmzpAJ928ofMk+NqtWLPHNg/FwWQ7HE/UwCfVwpW
eANLHG73S0GOZcgi5zyIVW0=
=VsB9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault