Bugtraq mailing list archives

Re: Securing PHP or finding PHP alternatives

From: Michael Shigorin <mike () osdn org ua>
Date: Tue, 11 Jul 2006 09:21:00 +0300

On Fri, Jul 07, 2006 at 08:48:20PM -0600, Gezim Hoxha wrote:

1.) If I have to write PHP, how do I write secure PHP?


There was a nice whitepaper "Study in Scarlet":
http://www.securereality.com.au/studyinscarlet.txt

and quite a few other articles, you can google up links
to it to find at least one more in bugtraq archive.

PS: I tend to use Ruby and either way check the trail of
products, libraries and frameworks that are considered
for deployment.  As once mentioned, among PHP apps of
significant complexity (e.g. CMS), TYPO3 has given me
way less grief than any of *nukes, Mambo, Drupal, e107,
TikiWiki, phpbb2, WordPress...

-- 
 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

Current thread:

Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Gezim Hoxha (Jul 10)
- Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 10)
  - Re: Securing PHP or finding PHP alternatives SkyFlash (Jul 15)
    - Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 18)
  - Re: Securing PHP or finding PHP alternatives Sheryl Coppenger (Jul 15)
    - Re: Securing PHP or finding PHP alternatives Crispin Cowan (Jul 22)
    - Re: Securing PHP or finding PHP alternatives Michael Cordover (Jul 22)
- Re: Securing PHP or finding PHP alternatives Michael Shigorin (Jul 15)
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Matthias Kestenholz (Jul 15)
- Re: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof)) Meet Myself on the Internet (Jul 15)