Educause Security Discussion mailing list archives
Re: PHP and IIS/IPlanet
From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Tue, 23 Dec 2003 08:48:15 -0700
Just like any software, PHP has its fair share of bugs and other vulnerabilities. For a good list of known vulnerabilities in PHP, see "http://www.securityfocus.com/bid" and select PHP from the drop-down menu.

I'm not an expert in PHP, but I would encourage you to ensure that the host server has been properly installed, patched, configured and hardened. I would suggest that it be firewalled. Then, ensure that the PHP interpreter has been properly installed and configured. Finally, ensure that the people that develop the scripts are aware of security issues and secure programming techniques. They should already know about cleansing the input, parameter checking, etc.

You might find the following links useful:

PHP Security, Part 1
http://www.onlamp.com/pub/a/php/2003/07/31/php_foundations.html

PHP Security, Part 2
http://www.onlamp.com/pub/a/php/2003/08/28/php_foundations.html

Securing PHP: Step-by-step
http://www.securityfocus.com/infocus/1706

Securing Apache: Step-by-Step
http://www.securityfocus.com/infocus/1694

BASIC IIS 5.0 DEFAULT WEB SERVER SECURITY
http://www.sans.org/rr/papers/index.php?id=304

Building a Secure Windows® 2000 Professional Network Installation
http://www.sans.org/rr/papers/index.php?id=218

--
Clyde Hoadley
Security & Disaster Recovery Coordinator
Division of Information Technology
Metropolitan State College of Denver
hoadleyc () mscd edu
http://clem.mscd.edu/~hoadleyc/
(303) 556-5074

West, David F. wrote:
Is anyone running PHP (http://us3.php.net/manual/en/faq.general.php) on their IIS or other webservers? Any security or other issues seen from this?

Thanks!!

Dave West
Network Administrator
Saint Augustine's College
dfwest () st-aug edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- PHP and IIS/IPlanet West, David F. (Dec 22)
- <Possible follow-ups>
- Re: PHP and IIS/IPlanet Barros, Jacob (Dec 23)
- Re: PHP and IIS/IPlanet Clyde Hoadley (Dec 23)