Full Disclosure mailing list archives

Re: AW: securing php

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 20 Aug 2003 11:07:03 +0200

vogt () hansenet com writes:

You an enable PHP's "Safe Mode", which goes a long way to
closing these holes, but it's not a 100% solution.


PHP uses many libraries which were not designed to cope with malicious
input from the application.  That's why PHP Safe Mode is unsafe *by*
*design*.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

AW: securing php vogt (Aug 20)
- Re: AW: securing php Florian Weimer (Aug 20)
- Re: securing php Kristian Koehntopp (Aug 20)
- <Possible follow-ups>
- RE: AW: securing php Rainer Gerhards (Aug 20)