WebApp Sec mailing list archives
RE: Anyone have some basic security tips for PHP-programmers?
From: Härnhammar, Ulf <Ulf.Harnhammar.9485 () student uu se>
Date: Mon, 24 Nov 2003 21:00:47 +0100
Quoting "Herbold, John W." <JWHERBOLD () arkbluecross com>:
but PHP is NOT vulnerable to buffer overflows from PHP scripts

A quick search on Google for "PHP buffer overflow" shows otherwise.
A program written in a scripting language might at some point send data to a program written in a compiled language. Common examples include MySQL and sendmail. Thus, if we only check what characters are used and not the length of data fields, people could conceivably crack a sendmail server through our script, even if they can't connect to it directly.

Moral of the story: always check lengths as well, and avoid regular expression characters such as * or +, as they allow an unlimited amount of something.

--
Ulf Härnhammar, student, Uppsala universitet

"I am a dubious figure / Not good for much"
-- Cornelis Vreeswijk, "Somliga går med trasiga skor"

Uggs != Cmectbb
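
The advice above as an added example, not part of the original message: the same character allow-list checked once with an unbounded `+` and once with an explicit `{min,max}` quantifier. The field names, character sets and length limits are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical per-field rules: an allow-list of characters plus explicit
// length bounds. The limits are illustrative; derive real ones from what
// the downstream program (mail transport, database column) accepts.
const FIELD_RULES = [
    'name'    => ['chars' => 'A-Za-z .\'-',      'min' => 1, 'max' => 64],
    'subject' => ['chars' => 'A-Za-z0-9 .,!?-',  'min' => 1, 'max' => 120],
];

// Weak form: the right characters, but '+' puts no limit on how many.
function weak_check(string $value): bool
{
    return preg_match('/^[A-Za-z .\'-]+$/', $value) === 1;
}

// Bounded form: the same character class with a {min,max} quantifier,
// anchored with \A and \z so a trailing newline is not accepted.
function bounded_check(string $field, string $value): bool
{
    if (!isset(FIELD_RULES[$field])) {
        return false; // unknown fields are rejected, not passed through
    }
    $r = FIELD_RULES[$field];
    $pattern = sprintf('/\A[%s]{%d,%d}\z/', $r['chars'], $r['min'], $r['max']);
    return preg_match($pattern, $value) === 1;
}

// Constructed sample input: a plausible value and an oversized one.
$samples = [
    'short' => "Ann O'Neil",
    'long'  => str_repeat('A', 100000),
];

foreach ($samples as $label => $value) {
    printf(
        "%-5s len=%-6d weak=%s bounded=%s\n",
        $label,
        strlen($value),
        weak_check($value) ? 'accept' : 'reject',
        bounded_check('name', $value) ? 'accept' : 'reject'
    );
}
```

Both checks accept the short value; only the bounded check rejects the 100000-byte one before it can reach another program.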