-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yo Nayana!
On Mon, 1 Nov 2004, Nayana Somaratna wrote:
> However, when browsing the web, I found an article which said that "it
> requires an expert to lockdown php" (Sorry, but I can't quite recall
> the URL).
Saying PHP in insecure is like saying C is insecure. Until their is
a programmer involved, writing bad code, there is no problem. Just like
C if the programmer carefully validates and contrains ALL input then
the program is not only secure but robust.
> So, I'd like to ask the members of this list - how difficult is it to
> secure php ? Do you really need a security "expert" to do this ?
PHP has very good write ups on security in the online doc. Here is the
chapter:
http://www.php.net/manual/en/security.php
If you can read, understand and FOLLOW those recomendatins then you are OK.
If not, then get the assistance of an "expert" that does.
RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem_at_rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBhoju8KZibdeR3qURAmzpAJ928ofMk+NqtWLPHNg/FwWQ7HE/UwCfVwpW
eANLHG73S0GOZcgi5zyIVW0=
=VsB9
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Nov 01 2004
Intro
