PHP security under scrutiny
Robert Lemos, SecurityFocus 2006-12-18

Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications.

PHP security under scrutiny 2006-12-19
felosi (1 replies)
Re: PHP security under scrutiny 2006-12-19
Anonymous (1 replies)
Actually, that's not true, it would seem that the latest version of PHP and Apache still suffer from some vulnerabilities. I've been writing PHP code since as far back as 1998, and applications as a whole since 1986. However, it would seem that someone was able to perform an exploit within PHP 5.2.0, and I'm not talking remote code execution. But they were able to circumvent the security of the system and log in as any web-application user they chose. There are no known exploits for the versions and the configuration, yet they still got in. Hmmmmmmm... Nope, I'm investigating other languages as I type, and seeing this article here today, and the events on or about early December this year only hardens my resolve to abandon this wonderful, yet insecure language. (sigh...)


Link to this comment: http://www.securityfocus.com/comments/articles/11430/34244#34244
PHP security under scrutiny 2006-12-19
Anonymous
PHP security under scrutiny 2006-12-20
A. Molenaar
PHP security under scrutiny 2006-12-21
Platinax
What caused other 57%? 2007-01-21
Anonymous (1 replies)
Re: What caused other 57%? 2007-02-14
Anonymous
PHP security under scrutiny 2007-02-01
Anonymous (1 replies)
Re: PHP security under scrutiny 2008-03-03
Anonymous







 

Copyright 2008, SecurityFocus