SecurityFocus

Re: Re: PHP security (or the lack thereof) Jun 21 2006 11:52PM
nabiy hotmail com (2 replies)

Re: PHP security (or the lack thereof) Jun 24 2006 05:07AM
Ronald Chmara (ron Opus1 COM) (1 replies)

RE: PHP security (or the lack thereof) Jun 26 2006 04:06PM
Geo. (geoincidents nls net) (3 replies)

Re: PHP security (or the lack thereof) Jun 26 2006 07:37PM
Mrten (bugtraq ii nl)

Re: PHP security (or the lack thereof) Jun 26 2006 05:45PM
Paul Schmehl (pauls utdallas edu) (1 replies)

RE: PHP security (or the lack thereof) Jun 27 2006 11:53AM
Geo. (geoincidents nls net) (1 replies)

Re: PHP security (or the lack thereof) Jun 29 2006 12:44AM
Kevin Waterson (kevin oceania net)

Re: PHP security (or the lack thereof) Jun 26 2006 05:32PM
Matthias Kestenholz (lists spinlock ch) (1 replies)

RE: PHP security (or the lack thereof) Jun 27 2006 11:41AM
Geo. (geoincidents nls net) (1 replies)

Securing PHP or finding PHP alternatives (was: PHP security (orthe lack thereof)) Jul 08 2006 02:48AM
Gezim Hoxha (gezimetc shaw ca) (4 replies)

Re: Securing PHP or finding PHP alternatives Jul 11 2006 06:21AM
Michael Shigorin (mike osdn org ua)

Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Jul 10 2006 08:37PM
Meet Myself on the Internet (me arteabstracta net)

Re: Securing PHP or finding PHP alternatives (was: PHP security (orthe lack thereof)) Jul 10 2006 07:25PM
Matthias Kestenholz (lists spinlock ch)

Re: Securing PHP or finding PHP alternatives Jul 10 2006 05:37PM
Crispin Cowan (crispin novell com) (2 replies)

Re: Securing PHP or finding PHP alternatives Jul 11 2006 02:50PM
Sheryl Coppenger (gubydala his com) (2 replies)

Crispin Cowan wrote:
> Gezim Hoxha wrote:
>> 1.) If I have to write PHP, how do I write secure PHP? Give me a number
>> of ensures that I can follow and check-mark each and live a happy
>> life--for the most part.
>>
> Program defensively:
[snip]
> Test your system:
[snip]

There's at least one book out on PHP security. Is there anyone here who
has used it and has comments? I'm not experienced enough in PHP to judge:

Pro PHP Security
by Chris Snyder and Michael Southwell
Apress © 2005 (528 pages)
ISBN:1590595084

> Wrap it in AppArmor http://en.opensuse.org/AppArmor for when you screw
> up ^W^W don't do all the above perfectly.

But that's only available if you're using Suse, right? What about
hardened PHP, modsecurity, putting Apache in a chroot jail, that sort of
thing?

Sheryl

[ reply ]

Re: Securing PHP or finding PHP alternatives Jul 21 2006 07:29PM
Crispin Cowan (crispin novell com)

Re: Securing PHP or finding PHP alternatives Jul 18 2006 09:35PM
Michael Cordover (michael cordover gmail com)

Re: Securing PHP or finding PHP alternatives Jul 11 2006 07:54AM
SkyFlash (webmaster hackquest de) (1 replies)

Re: Securing PHP or finding PHP alternatives Jul 18 2006 04:58AM
Crispin Cowan (crispin novell com)

Re: PHP security (or the lack thereof) Jun 23 2006 08:16PM
Crispin Cowan (crispin novell com) (3 replies)

Re: PHP security (or the lack thereof) Jun 24 2006 12:43PM
Glynn Clements (glynn gclements plus com)

Re: PHP security (or the lack thereof) Jun 24 2006 08:28AM
Daniel Hulme (bugtraq doublezero uklinux net)

Re: PHP security (or the lack thereof) Jun 24 2006 05:55AM
Tobias J. Kreidl (Tobias Kreidl NAU EDU)