Message-ID: <20041101142904.GA13951@beastie.guard-info.com>
From: meder at o0o.nu (Meder Kydyraliev)
Subject: How secure is PHP ?

You should check out 'study in scarlet' also, which points out some of the
common programming/configuration mistakes:

http://www.securereality.com.au/studyinscarlet.txt


Meder

On Mon, Nov 01, 2004 at 07:13:14PM +0530, Sandeep Sengupta wrote:
> Hi Nayana,
> 
> 1) All BUGS on PHP are listed here. So you can have a good idea of the bug-stat.
> http://bugs.php.net/bugstats.php
> 
> Total bug entries in system: 30352  
> Closed: 17087   Open: 1267   Critical: 4   
> 
> -----
> 
> Some more resources ---
> 
> 2) http://www.developer.com/lang/article.php/918141
> On the Security of PHP, Part 1 - Jordan Dimov
> 
> 3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
> PHP Security Mistakes - Dave Clark
> 
> The security of the application depends mostly on 'how you code',
> which I believe you already know. I hope the above links will be of
> some help. Good luck :-)
> 
> Warm regards,
> Sandeep.
> 
> -----Original Message-----
> From:	Nayana Somaratna [mailto:npsomaratna@...il.com]
> Sent:	Tue 02/11/2004 00:45
> To:	full-disclosure@...ts.netsys.com
> Cc:	
> Subject:	[Full-Disclosure] How secure is PHP ?
> Hi everyone,
> 
> I've been tasked with creating a learning management system for my
> University. Given that we're only handling a few hundred students, I'd
> typically want to create it using linux/apache/mysql/php.
> 
> However, when browsing the web, I found an article which said that "it
> requires an expert to lockdown php" (Sorry, but I can't quite recall
> the URL).
> 
> While I am not a novice, I am definitely not an expert either -
> especially on security issues.
> 
> So, I'd like to ask the members of this list - how difficult is it to
> secure php ? Do you really need a security "expert" to do this ?
> 
> P.S. The few hundred students mentioned above are IT students ;-)
> 
> Thanks,
> 
> - Nayana
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

