SecurityFocus

PHP security (or the lack thereof) Jun 16 2006 11:21AM
Darren Reed (avalon caligula anu edu au) (4 replies)

Re: PHP security (or the lack thereof) Jun 22 2006 12:15PM
john mullee (jmullee yahoo com) (1 replies)

Re: PHP security (or the lack thereof) Jun 24 2006 10:42PM
Darren Reed (avalon caligula anu edu au) (2 replies)

Re: PHP security (or the lack thereof) Jun 27 2006 05:47AM
Tonnerre Lombard (tonnerre lombard sygroup ch) (1 replies)

Re: PHP security (or the lack thereof) Jun 27 2006 10:27AM
Darren Reed (avalon caligula anu edu au)

Re: PHP security (or the lack thereof) Jun 27 2006 03:38AM
Ronald Chmara (ron Opus1 COM) (1 replies)

Re: PHP security (or the lack thereof) Jul 05 2006 04:17PM
Dan Falconer (dan avsupport com) (1 replies)

Re: PHP security (or the lack thereof) Jul 06 2006 06:47AM
Darren Reed (avalon caligula anu edu au)

Re: PHP security (or the lack thereof) Jun 19 2006 05:07PM
Neil Neely (neil frii com) (1 replies)

RE: [lists] Re: PHP security (or the lack thereof) Jul 16 2006 11:26PM
Curt Purdy (purdy tecman com)

> Neil Neely wrote:
> For those of us that have to administer shared hosting
> servers where customers can and do build/install very poorly
> written web applications it can be a full time job trying to
> protect your server.
Snip

At my the ISP I used to run, we used a "chroot jail" so that every site had
its own little bubble that could not be broken through. A cracker could
compromise a site and deface it or whatever, but could not traverse to any
other location on the server. Therefore a customer could have the most
insecure php app around with a back-door in a "free" PHP module they got off
the Net and could be embarassed by a cracker but no-one else would suffer
including my BSD server.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer
Information Systems Security
infosysec.net
443.846.4231

-------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

[ reply ]

Re: PHP security (or the lack thereof) Jun 17 2006 01:50AM
Jose Nazario (jose monkey org) (1 replies)

Re: PHP security (or the lack thereof) Jun 17 2006 06:06PM
Geo. (geoincidents nls net) (2 replies)

Re: PHP security (or the lack thereof) Jun 22 2006 01:01AM
Crispin Cowan (crispin novell com)

Re: PHP security (or the lack thereof) Jun 20 2006 04:54AM
kicktd (cooljay1804ml bellsouth net) (1 replies)

Re: PHP security (or the lack thereof) Jun 20 2006 10:02AM
Geo. (geoincidents nls net)

Re: PHP security (or the lack thereof) Jun 16 2006 11:06PM
Bojan Zdrnja (bojan zdrnja gmail com) (1 replies)

Re: PHP security (or the lack thereof) Jun 17 2006 05:08PM
Jessica Hope (jessicasaulhope googlemail com)