|
|
BugTraq
new linux malware Feb 18 2006 10:40PM Gadi Evron (ge linuxbox org) (2 replies) Re: new linux malware Feb 20 2006 04:57PM Christine Kronberg (Christine_Kronberg genua de) (1 replies) PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 20 2006 08:22PM Gadi Evron (ge linuxbox org) (2 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Dec 30 2006 10:00PM Kevin Waterson (kevin oceania net) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 05:53PM Bill Nash (billn billn net) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 09:00PM Tino Wildenhain (tino wildenhain de) (1 replies) RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 09:31PM Jim Harrison (Jim isatools org) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 01 2007 10:37PM Dana Hudes (dhudes hudes org) (1 replies) RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 12:02AM Jim Harrison (Jim isatools org) (2 replies) Re: PHP as a secure language? PHP worms? Jan 02 2007 12:01PM Duncan Simpson (dps simpson demon co uk) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 10:58AM Darren Reed (avalon caligula anu edu au) (2 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 03:16PM Dana Hudes (dhudes hudes org) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 06:48PM Lawrence Paul MacIntyre (macintyrelp ornl gov) RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 02:15PM Jim Harrison (Jim isatools org) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 06:37PM Darren Reed (avalon caligula anu edu au) (3 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 03 2007 05:16AM Ronald Chmara (ron Opus1 COM) (1 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 04 2007 08:59PM Jim Manico (jim manico net) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 09:07PM Bill Nash (billn billn net) RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jan 02 2007 07:18PM Jim Harrison (Jim isatools org) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 22 2006 10:48AM Kevin Waterson (kevin oceania net) (2 replies) Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Feb 24 2006 09:07PM Jamie Riden (jamie riden gmail com) Re: new linux malware Feb 20 2006 04:24PM Marco Monicelli (marco monicelli marcegaglia com) (1 replies) |
|
Privacy Statement |
does MySQL. So does Linux. So does sshd. So does Windows. To claim
that we should abandon any individual service simply because it has
security bugs is absurd. Yes, there are non-trivial problems with
PHP's memory management, but the same could easily be said for Java as
well.
I don't really get Gadi's point. Is he claiming that keeping up to
date on security fixes is too much of a hassle for him? Or is he
claiming that he doesn't want to use PHP applications, because they
are often riddled with security holes? Or is he just bitching in
general that there's insecure software out there? It seems like it's
probably the latter. When's the last time you saw a super-secure
program written in Perl, or ColdFusion, or ASP, or any other web
language for that matter? People do buffer overflow attacks on Apache
all the time, is he planning on abandoning that?
Security requires vigilance, get over it.
On 2/22/06, Kevin Waterson <kevin (at) oceania (dot) net [email concealed]> wrote:
> This one time, at band camp, Gadi Evron <ge (at) linuxbox (dot) org [email concealed]> wrote:
>
>
> > 3. Staying on top of new PHP vulnerabilities has become impossible,
> > popping around everywhere.
>
> What vulnerabilities in PHP?
> Are implying the fault is within the language itself?
> This is akin to saying C has vulnerabilites because some script kiddie
> wrote a poor application.
>
> >
> > 4. Determining how secure a PHP application is, looking at the code and
> > for how silly past vulnerabilities were (i.e. looking at the coder
> > rather than the code) is now more important than the actual application.
>
> As with all web based technologies, security should be the foundation of the application
>
> > Much like their self criticism said, PHP needs to grow to a far more
> > secure language, much like we need to chose more carefully what PHP
> > software we use.
> Which self critism is this?
>
> >
> > Some of us have been joking for a while about creating a script to
> > choose from different paragraph we create, and email bugtraq
> > re-assembling the randomly with a new PHP bug and a random PHP
> > application name every few hours. Would any of us be able to readily
> > tell the difference?
>
> Perhaps we can do the same for linux kernel problems and blame it on C?
>
> Kind regards
> Kevin
>
>
> --
> "Democracy is two wolves and a lamb voting on what to have for lunch.
> Liberty is a well-armed lamb contesting the vote."
>
[ reply ]