From: meder at o0o.nu (Meder Kydyraliev)
Subject: How secure is PHP ?

You should check out 'study in scarlet' also, which points out some of the
common programming/configuration mistakes:
http://www.securereality.com.au/studyinscarlet.txt

Meder

On Mon, Nov 01, 2004 at 07:13:14PM +0530, Sandeep Sengupta wrote:
> Hi Nayana,
>
> 1) All BUGS on PHP are listed here. So you can have a good idea of the bug-stat.
> http://bugs.php.net/bugstats.php
>
> Total bug entries in system: 30352
> Closed: 17087 Open: 1267 Critical: 4
>
> -----
>
> Some more resources ---
>
> 2) http://www.developer.com/lang/article.php/918141
> On the Security of PHP, Part 1 - Jordan Dimov
>
> 3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
> PHP Security Mistakes - Dave Clark
>
> The security of the application depends mostly on 'how you code',
> which I believe you already know. I hope the above links will be of
> some help. Good luck :-)
>
> Warm regards,
> Sandeep.
>
> -----Original Message-----
> From: Nayana Somaratna [mailto:npsomaratna@...il.com]
> Sent: Tue 02/11/2004 00:45
> To: full-disclosure@...ts.netsys.com
> Cc:
> Subject: [Full-Disclosure] How secure is PHP ?
> Hi everyone,
>
> I've been tasked with creating a learning management system for my
> University. Given that we're only handling a few hundred students, I'd
> typically want to create it using linux/apache/mysql/php.
>
> However, when browsing the web, I found an article which said that "it
> requires an expert to lockdown php" (Sorry, but I can't quite recall
> the URL).
>
> While I am not a novice, I am definitely not an expert either -
> especially on security issues.
>
> So, I'd like to ask the members of this list - how difficult is it to
> secure php ? Do you really need a security "expert" to do this ?
>
> P.S. The few hundred students mentioned above are IT students ;-)
>
> Thanks,
>
> - Nayana
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html