| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.61.0411011056530.3526@catbert.rellim.com> From: gem at rellim.com (Gary E. Miller) Subject: How secure is PHP ? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Nayana! On Mon, 1 Nov 2004, Nayana Somaratna wrote: > However, when browsing the web, I found an article which said that "it > requires an expert to lockdown php" (Sorry, but I can't quite recall > the URL). Saying PHP in insecure is like saying C is insecure. Until their is a programmer involved, writing bad code, there is no problem. Just like C if the programmer carefully validates and contrains ALL input then the program is not only secure but robust. > So, I'd like to ask the members of this list - how difficult is it to > secure php ? Do you really need a security "expert" to do this ? PHP has very good write ups on security in the online doc. Here is the chapter: http://www.php.net/manual/en/security.php If you can read, understand and FOLLOW those recomendatins then you are OK. If not, then get the assistance of an "expert" that does. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem@...lim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBhoju8KZibdeR3qURAmzpAJ928ofMk+NqtWLPHNg/FwWQ7HE/UwCfVwpW eANLHG73S0GOZcgi5zyIVW0= =VsB9 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists