[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] How secure is PHP ?
- To: full-disclosure@xxxxxxxxxxxxxxxx, npsomaratna@xxxxxxxxx
- Subject: RE: [Full-Disclosure] How secure is PHP ?
- From: Sandeep Sengupta <sandeep.sengupta@xxxxxxxxx>
- Date: Mon, 1 Nov 2004 19:13:14 +0530
Hi Nayana,
1) All BUGS on PHP are listed here. So you can have good idea of the bug-stat.
http://bugs.php.net/bugstats.php
Total bug entries in system: 30352
Closed: 17087 Open: 1267 Critical: 4
-----
Some more resources ---
2) http://www.developer.com/lang/article.php/918141
On the Security of PHP, Part 1 - Jordan Dimov
3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
PHP Security Mistakes - Dave Clark
The security of the application depends mostly on 'how you code',
which I believe you already know. I hope the above links will be of
some help. Good luck :-)
Warm regards,
Sandeep.
-----Original Message-----
From: Nayana Somaratna [mailto:npsomaratna@xxxxxxxxx]
Sent: Tue 02/11/2004 00:45
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc:
Subject: [Full-Disclosure] How secure is PHP ?
Hi everyone,
I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.
However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).
While I am not a novice, I am defintely not an expert either -
expecially on security issues.
So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?
P.S. The few hundred students mentioned above are IT students ;-)
Thanks,
- Nayana
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html