Bugtraq mailing list archives
Re: PHP security (or the lack thereof)
From: "kicktd" <cooljay1804ml () bellsouth net>
Date: Tue, 20 Jun 2006 00:54:31 -0400
Do you not think stuff like this should be pointed out to the public so
that
when selecting a web host they know that one who supports PHP may be
putting
them at extreme risk compared to one who is a bit more security conscious?
Well then we better start having web hosting companies who support ASP, Perl, CGI etc. be pointed out to the public so that when selecting a web host they know that they might be being put into an extreme risk situation. It's not the language, it's the programmer. If a programmer, no matter what the language might be, programs insecure and improperly then it comes down to the programmer to learn do proper coding and security of the application be it for the web or for a desktop based program. Improper coding in an ASP or Perl scripts can cause just as much trouble as improper coding in a PHP script.
Current thread:
- PHP security (or the lack thereof) Darren Reed (Jun 16)
- Re: PHP security (or the lack thereof) Bojan Zdrnja (Jun 17)
- Re: PHP security (or the lack thereof) Jessica Hope (Jun 21)
- Re: PHP security (or the lack thereof) Jose Nazario (Jun 17)
- Re: PHP security (or the lack thereof) Geo. (Jun 19)
- Re: PHP security (or the lack thereof) kicktd (Jun 21)
- Re: PHP security (or the lack thereof) Geo. (Jun 21)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 22)
- Re: PHP security (or the lack thereof) Geo. (Jun 19)
- Re: PHP security (or the lack thereof) Bojan Zdrnja (Jun 17)
- Re: PHP security (or the lack thereof) Neil Neely (Jun 19)
- Re: PHP security (or the lack thereof) john mullee (Jun 23)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 26)
- Re: PHP security (or the lack thereof) Ronald Chmara (Jun 27)
- Re: PHP security (or the lack thereof) Tonnerre Lombard (Jun 28)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 28)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 26)
- <Possible follow-ups>
- Re: PHP security (or the lack thereof) Steven M. Christey (Jun 17)
- Re: PHP security (or the lack thereof) Alan J Rosenthal (Jun 21)