BugTraq
Re: Re: PHP security (or the lack thereof) Jun 21 2006 11:52PM
nabiy hotmail com (2 replies)
Re: PHP security (or the lack thereof) Jun 24 2006 05:07AM
Ronald Chmara (ron Opus1 COM) (1 replies)
RE: PHP security (or the lack thereof) Jun 26 2006 04:06PM
Geo. (geoincidents nls net) (3 replies)
Re: PHP security (or the lack thereof) Jun 26 2006 07:37PM
Mrten (bugtraq ii nl)
Re: PHP security (or the lack thereof) Jun 26 2006 05:45PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: PHP security (or the lack thereof) Jun 27 2006 11:53AM
Geo. (geoincidents nls net) (1 replies)
Re: PHP security (or the lack thereof) Jun 29 2006 12:44AM
Kevin Waterson (kevin oceania net)
Re: PHP security (or the lack thereof) Jun 26 2006 05:32PM
Matthias Kestenholz (lists spinlock ch) (1 replies)
RE: PHP security (or the lack thereof) Jun 27 2006 11:41AM
Geo. (geoincidents nls net) (1 replies)
Securing PHP or finding PHP alternatives (was: PHP security (orthe lack thereof)) Jul 08 2006 02:48AM
Gezim Hoxha (gezimetc shaw ca) (4 replies)
Re: Securing PHP or finding PHP alternatives Jul 11 2006 06:21AM
Michael Shigorin (mike osdn org ua)
Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Jul 10 2006 08:37PM
Meet Myself on the Internet (me arteabstracta net)
Re: Securing PHP or finding PHP alternatives (was: PHP security (orthe lack thereof)) Jul 10 2006 07:25PM
Matthias Kestenholz (lists spinlock ch)
Re: Securing PHP or finding PHP alternatives Jul 10 2006 05:37PM
Crispin Cowan (crispin novell com) (2 replies)
Re: Securing PHP or finding PHP alternatives Jul 11 2006 02:50PM
Sheryl Coppenger (gubydala his com) (2 replies)
Re: Securing PHP or finding PHP alternatives Jul 21 2006 07:29PM
Crispin Cowan (crispin novell com)
Sheryl Coppenger wrote:
> Crispin Cowan wrote:
>
>> Wrap it in AppArmor http://en.opensuse.org/AppArmor for when you screw
>> up ^W^W don't do all the above perfectly.
>>
> But that's only available if you're using Suse, right?
No. AppArmor ships with SUSE Linux, but ports are available for
Slackware, Ubuntu, and Pardus Linux. I have heard of several ports to
Red Hat, but so far no one has chosen to release it. It is open source,
and you can port it to any Linux you like, as long as it has a 2.6 kernel.

> What about
> hardened PHP, modsecurity,
Those are good things too.

> putting Apache in a chroot jail,
That only jails all of Apache at once into a single large cell. AppArmor
can confine each individual PHP page separately. And each PHP pages'
confinement can overlap with others, allowing the components of the web
site to work together.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hack: adroit engineering solution to an unaticipated problem
Hacker: one who is adroit at pounding round pegs into square holes

[ reply ]
Re: Securing PHP or finding PHP alternatives Jul 18 2006 09:35PM
Michael Cordover (michael cordover gmail com)
Re: Securing PHP or finding PHP alternatives Jul 11 2006 07:54AM
SkyFlash (webmaster hackquest de) (1 replies)
Re: Securing PHP or finding PHP alternatives Jul 18 2006 04:58AM
Crispin Cowan (crispin novell com)
Re: PHP security (or the lack thereof) Jun 23 2006 08:16PM
Crispin Cowan (crispin novell com) (3 replies)
Re: PHP security (or the lack thereof) Jun 24 2006 12:43PM
Glynn Clements (glynn gclements plus com)
Re: PHP security (or the lack thereof) Jun 24 2006 08:28AM
Daniel Hulme (bugtraq doublezero uklinux net)
Re: PHP security (or the lack thereof) Jun 24 2006 05:55AM
Tobias J. Kreidl (Tobias Kreidl NAU EDU)


 

Privacy Statement
Copyright 2010, SecurityFocus