WebApp Sec mailing list archives
Re: Languages/platforms used for Web apps. Any stats?
From: Ben Sytko <bsytko () gmail com>
Date: Sat, 25 Jun 2005 11:05:31 -0400
One of the problems here also is that it's possible with PHP to make insecure programs that run just fine. You can code away for days with a seemingly great working program, but if you don't take the precautions to prevent attacks, it's a recipe for disaster. As others have said, it's about knowing where the security risks are, and taking the steps to prevent them. Using htmlentities() is a good step to help prevent XSS, and being sure to turn off register_globals helps as well.

And Andrew, in PHP5, there is a new error flag, E_STRICT, which throws warnings when you use deprecated functions. See: http://us2.php.net/manual/en/ref.errorfunc.php#errorfunc.constants

-Ben
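An added example, not part of the message above: the same page fragment rendered without and with htmlentities(), reading request values explicitly from an array the way code must when register_globals is off. The helper names (param, h, render_unsafe, render_encoded) and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_GET; not taken from the post.
$request = array(
    'name' => '<script>alert(1)</script>',
    'site' => '" onmouseover="alert(1)',
);

// With register_globals off, request values are reachable only through the
// superglobal arrays, so every use of untrusted data is an explicit read.
function param(array $source, $key, $default = '')
{
    return isset($source[$key]) && is_string($source[$key]) ? $source[$key] : $default;
}

// Encode for HTML output. ENT_QUOTES also encodes single quotes, which
// matters when the value lands inside a quoted attribute.
function h($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Runs without any error or warning, yet copies request markup into the page.
function render_unsafe(array $request)
{
    return '<p>Hello ' . param($request, 'name') . '</p>'
         . '<a href="/go" title="' . param($request, 'site') . '">link</a>';
}

// Same template with every untrusted value encoded at the point of output.
function render_encoded(array $request)
{
    return '<p>Hello ' . h(param($request, 'name')) . '</p>'
         . '<a href="/go" title="' . h(param($request, 'site')) . '">link</a>';
}

echo render_unsafe($request), "\n";
echo render_encoded($request), "\n";
```

In the second line of output the angle brackets and double quotes arrive as entities, so the browser shows them as text instead of parsing a script element or a new attribute.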