Bugtraq mailing list archives
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Bill Nash <billn () billn net>
Date: Mon, 1 Jan 2007 10:53:39 -0700 (MST)
On Sun, 31 Dec 2006, Kevin Waterson wrote:

> This one time, at band camp, Gadi Evron <ge () linuxbox org> wrote:
>
>> Indeed, the most annoying thing about the PHP worms today is that these PHP vulnerabilities being exploited are everywhere.
>
> These are not PHP vulnerabilities, these are application vulnerabilities.

I agree. Unless this thread is focusing on vulnerabilities in the PHP parser itself, exploitable simply by pushing arbitrary information through any available post/get channel, then I think we can call it a PHP vulnerability. Until then, let's keep the FUD to a minimum. *ANY* language implemented for *ANY* purpose is as secure as the programmer makes it.

The way the original post is written, s/PHP/(Perl|ASP|C|bash|BASIC|four little Buddhist monks fighting over an abacus)/ is applicable. The vulnerabilities that we see, that Gadi refers to, aren't widespread because PHP is widespread, but because insecure applications written in PHP are.

A better use of energy would be focusing on the most vulnerable platforms and educating the developers.

- billn