PHP security under scrutiny

PHP security under scrutiny
Robert Lemos, SecurityFocus 2006-12-18

Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications.

Expand all | Post comment

PHP security under scrutiny 2006-12-19
felosi (1 replies)

Re: PHP security under scrutiny 2006-12-19
Anonymous (1 replies)

Re: Re: PHP security under scrutiny 2006-12-19
felosi

Well, I agree there is some local issues but I have been experimenting with suhosin from hardened-php.net and it seems to stop the safe mode and open base exploits ive seen

Hardened-php seems to know their stuff and doing pretty good to secure php but running a fully patched hardened php is almost impossible, nothing works with it,

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11430/34246#34246

PHP security under scrutiny 2006-12-19
Anonymous

PHP security under scrutiny 2006-12-20
A. Molenaar

PHP security under scrutiny 2006-12-21
Platinax

What caused other 57%? 2007-01-21
Anonymous (1 replies)

Re: What caused other 57%? 2007-02-14
Anonymous

PHP security under scrutiny 2007-02-01
Anonymous (1 replies)

Re: PHP security under scrutiny 2008-03-03
Anonymous