[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [Full-Disclosure] securing php

To: vogt@hansenet.com
Subject: Re: AW: [Full-Disclosure] securing php
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 20 Aug 2003 11:07:03 +0200

vogt@hansenet.com writes:

> You an enable PHP's "Safe Mode", which goes a long way to
> closing these holes, but it's not a 100% solution.

PHP uses many libraries which were not designed to cope with malicious
input from the application.  That's why PHP Safe Mode is unsafe *by*
*design*.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- AW: [Full-Disclosure] securing php
  - From: vogt@hansenet.com

Prev by Date: RE: [Full-Disclosure] FTPServer Denial Of Service Vulnerability
Next by Date: Re: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
Prev by thread: AW: [Full-Disclosure] securing php
Next by thread: Re: [Full-Disclosure] securing php
Index(es):
- Date
- Thread