PHP security under scrutiny
Robert Lemos, SecurityFocus 2006-12-18

Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications.

PHP security under scrutiny 2006-12-19
felosi (1 replies)
oh wow blame php, What a stupid article. maybe if web app developers made their apps more secure there wouldn't be so many vuln. PHP is still a fairly new language people are learning more everyday, I've yet to see a web app exploit where an attacker was able to directly exploit the php with no known ...

Re: PHP security under scrutiny 2006-12-19
Anonymous (1 replies)
Actually, that's not true, it would seem that the latest version of PHP and Apache still suffer from some vulnerabilities. I've been writing PHP code since as far back as 1998, and applications as a whole since 1986. However, it would seem that someone was able to perform an exploit within PHP 5.2...

Re: Re: PHP security under scrutiny 2006-12-19
felosi
Well, I agree there are some local issues but I have been experimenting with suhosin from hardened-php.net and it seems to stop the safe mode and open base exploits I've seen

Hardened-php seems to know their stuff and doing pretty good to secure php but running a fully patched hardened php is almo...

PHP security under scrutiny 2006-12-19
Anonymous
PHP folks should claim "the Windows defense". So many people are using PHP that it would naturally be a target....

PHP security under scrutiny 2006-12-20
A. Molenaar
Why doesn't mister Esser put his effort in a real programming language, such as Python or Ruby or GPL'ed Java?...

PHP security under scrutiny 2006-12-21
Platinax
I would respectfully suggest it's the popularity of PHP that is being highlighted, rather than specific vulnerabilities.

...

What caused other 57%? 2007-01-21
Anonymous (1 replies)
What caused the other 57%?...

Re: What caused other 57%? 2007-02-14
Anonymous
MySQL...

PHP security under scrutiny 2007-02-01
Anonymous (1 replies)
only retards use php anyway...

Re: PHP security under scrutiny 2008-03-03
Anonymous
and what does a genius such as yourself use, hmmm?...

Copyright 2009, SecurityFocus