[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] How secure is PHP ?

To: nayana@xxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] How secure is PHP ?
From: ph0enix <ph0enix@xxxxxxxxxxxx>
Date: Mon, 01 Nov 2004 14:17:26 +0100

Hi Nayana,

no, you don't need a security expert to secure your php scripts. But you also don't need to be a security expert to exploit php issues... =)

Have a look at this:

http://www.hardened-php.net/

HTH

Nayana Somaratna wrote:

Hi everyone,

I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

While I am not a novice, I am defintely not an expert either -
expecially on security issues.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

P.S. The few hundred students mentioned above are IT students ;-)

Thanks,

- Nayana

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] How secure is PHP ?
  - From: Nayana Somaratna

Prev by Date: RE: [Full-Disclosure] How secure is PHP ?
Next by Date: Re: [Full-Disclosure] DoS in Apache 2.0.52 ?
Previous by thread: [Full-Disclosure] How secure is PHP ?
Next by thread: Re: [Full-Disclosure] How secure is PHP ?
Index(es):
- Date
- Thread