PHP apps: Security's Low-Hanging Fruit
Kelly Martin, 2007-01-08

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

Re: PHP apps: Security's Low-Hanging Fruit 2007-01-11
Josef Meixner
Then why do 'include' and 'require' even take URIs? Can you think of any valid use which is not a security hole? So why not take it out? The apps which break are probably insecure in any case.

If that ability is really needed, then why not add 'remote_include' and 'remote_require'. That way the p...

Copyright 2008, SecurityFocus