WebApp Sec mailing list archives
Re: PHP Easter Eggs
From: Rick Crelia <rick.crelia () oregonstate edu>
Date: Mon, 6 Dec 2004 12:13:36 -0800
Hmmm. Methinks we're making a mountain out of a molehill with this thread... no offense, but think about this: most MTAs come with version string information enabled by default. Sendmail, qmail, Postfix, etc. A competent system administrator knows that in order to make the machine secure, you disable this functionality by making the appropriate configuration change. These MTAs power a large hunk of the Internet MTAs in existence and are considered quite solid and secure (well, sendmail's gotten better anyway.. heh).

I don't really see how the PHP "easter eggs" option is any different. Or did I miss something? You can turn this behavior off, and probably should in most instances.

--rc

*========================================*
Rick Crelia - rick.crelia () oregonstate edu
OSU Libraries - Dept of Library Technology
Corvallis, OR 97331 - 541.737.8972

On Fri, Dec 03, 2004 at 12:49:22PM -0500, Chuck Brockman spake thusly:
Maybe I'm not viewing this in the right light, but if PHP is to gain momentum in the corporate world and seriously compete with the other dominant web "languages", findings like this will discredit PHP. I personally like PHP and use it as well as others, but trying to sell PHP to management with findings like this may hamper the growth and acceptance of PHP. Yes, I know there are Easter eggs in almost everything out there, especially M$oft apps.

Chuck