lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060222214855.144ca895.kevin@oceania.net>
Date: Wed, 22 Feb 2006 21:48:55 +1100
From: Kevin Waterson <kevin@...ania.net>
To: bugtraq@...urityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux
 malware]


This one time, at band camp, Gadi Evron <ge@...uxbox.org> wrote:
 

> 3. Staying on top of new PHP vulnerabilities has become impossible, 
> popping around everywhere.

What vulnerabilities in PHP?
Are implying the fault is within the language itself?
This is akin to saying C has vulnerabilites because some script kiddie
wrote a poor application.

> 
> 4. Determining how secure a PHP application is, looking at the code and 
> for how silly past vulnerabilities were (i.e. looking at the coder 
> rather than the code) is now more important than the actual application.

As with all web based technologies, security should be the foundation of the application

> Much like their self criticism said, PHP needs to grow to a far more 
> secure language, much like we need to chose more carefully what PHP 
> software we use.
Which self critism is this?

> 
> Some of us have been joking for a while about creating a script to 
> choose from different paragraph we create, and email bugtraq 
> re-assembling the randomly with a new PHP bug and a random PHP 
> application name every few hours. Would any of us be able to readily 
> tell the difference?

Perhaps we can do the same for linux kernel problems and blame it on C?

Kind regards
Kevin


-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ