lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 20 Jun 2006 00:54:31 -0400
From: "kicktd" <cooljay1804ml@...lsouth.net>
To: "Geo." <geoincidents@....net>, <bugtraq@...urityfocus.com>
Subject: Re: PHP security (or the lack thereof)


> Do you not think stuff like this should be pointed out to the public so
that
> when selecting a web host they know that one who supports PHP may be
putting
> them at extreme risk compared to one who is a bit more security conscious?

Well then we better start having web hosting companies who support ASP,
Perl, CGI etc. be pointed out to the public so that when selecting a web
host they know that they might be being put into an extreme risk situation.



It's not the language, it's the programmer. If a programmer, no matter what
the language might be, programs insecure and improperly then it comes down
to the programmer to learn do proper coding and security of the application
be it for the web or for a desktop based program. Improper coding in an ASP
or Perl scripts can cause just as much trouble as improper coding in a PHP
script.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ