Bugtraq mailing list archives
RE: PHP security (or the lack thereof)
From: "Geo." <geoincidents () nls net>
Date: Mon, 26 Jun 2006 12:06:42 -0400
...
"The configuration flexibility of PHP is equally rivalled by the code flexibility. PHP can be used to build complete server applications, with all the power of a shell user, or it can be used for simple server-side includes with little risk in a tightly controlled environment. How you build that environment, and how secure it is, is largely up to the PHP developer."
And is the default install wide open or tightly controlled? I mean from a security standpoint we have been screaming for years at Microsoft to change their defaults to firewall on and things locked instead of open. Is php secure by default when it's installed on a server? Geo.
Current thread:
- Re: PHP security (or the lack thereof), (continued)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 28)
- Re: PHP security (or the lack thereof) Steven M. Christey (Jun 17)
- Re: PHP security (or the lack thereof) Alan J Rosenthal (Jun 21)
- Re: PHP security (or the lack thereof) Geo. (Jun 23)
- Re: Re: PHP security (or the lack thereof) nabiy (Jun 23)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 23)
- Re: PHP security (or the lack thereof) Daniel Hulme (Jun 26)
- Re: PHP security (or the lack thereof) Tobias J. Kreidl (Jun 26)
- Re: PHP security (or the lack thereof) Glynn Clements (Jun 27)
- Re: PHP security (or the lack thereof) Ronald Chmara (Jun 26)
- RE: PHP security (or the lack thereof) Geo. (Jun 26)
- Re: PHP security (or the lack thereof) Paul Schmehl (Jun 26)
- RE: PHP security (or the lack thereof) Geo. (Jun 28)
- Re: PHP security (or the lack thereof) Matthias Kestenholz (Jun 26)
- RE: PHP security (or the lack thereof) Geo. (Jun 27)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 23)
- Re: PHP security (or the lack thereof) Mrten (Jun 26)