[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AW: [Full-Disclosure] securing php

To: "Florian Weimer" <fw@deneb.enyo.de>, <vogt@hansenet.com>
Subject: RE: AW: [Full-Disclosure] securing php
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
Date: Wed, 20 Aug 2003 14:20:16 +0200

But it is still another hurdle ;) Remeber, security is the art of moving
as many hurdles in the way as possible. Hopefully the attacker is
exhausted before he reaches the last one. And, yes, I agree it is good
to be always reminded that some of the hurdles are small ;)

Rainer

> -----Original Message-----
> From: Florian Weimer [mailto:fw@deneb.enyo.de] 
> Sent: Wednesday, August 20, 2003 11:07 AM
> To: vogt@hansenet.com
> Cc: zorkshin@tampabay.rr.com; full-disclosure@lists.netsys.com
> Subject: Re: AW: [Full-Disclosure] securing php
> 
> 
> vogt@hansenet.com writes:
> 
> > You an enable PHP's "Safe Mode", which goes a long way to
> > closing these holes, but it's not a 100% solution.
> 
> PHP uses many libraries which were not designed to cope with malicious
> input from the application.  That's why PHP Safe Mode is unsafe *by*
> *design*.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Al Qaida claims responsibility for blackout
Next by Date: [Full-Disclosure] Slammer worm crashed Ohio nuke plant network
Prev by thread: Re: [Full-Disclosure] securing php
Next by thread: [Full-Disclosure] Filtering sobig with postfix
Index(es):
- Date
- Thread