RE: How secure is PHP ?

[Sandeep Sengupta <sandeep.sengupta () gmail com>]

Hi Nayana,

1) All BUGS on PHP are listed here. So you can have good idea of the bug-stat.
http://bugs.php.net/bugstats.php

Total bug entries in system: 30352  
Closed: 17087   Open: 1267   Critical: 4   

-----

Some more resources ---

2) http://www.developer.com/lang/article.php/918141
On the Security of PHP, Part 1 - Jordan Dimov

3) http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
PHP Security Mistakes - Dave Clark

The security of the application depends mostly on 'how you code',
which I believe you already know. I hope the above links will be of
some help. Good luck :-)

Warm regards,
Sandeep.

-----Original Message-----
From:   Nayana Somaratna [mailto:npsomaratna () gmail com]
Sent:   Tue 02/11/2004 00:45
To:     full-disclosure () lists netsys com
Cc:     
Subject:        [Full-Disclosure] How secure is PHP ?
Hi everyone,

I've been tasked with creating a learning management system for my
University. Given that we're only handling a few handred students, I'd
typically want to create it using linux/apache/mysql/php.

However, when browsing the web, I found an article which said that "it
requires an expert to lockdown php" (Sorry, but I can't quite recall
the URL).

While I am not a novice, I am defintely not an expert either -
expecially on security issues.

So, I'd like to ask the members of this list - how difficult is it to
secure php ? Do you really need a security "expert" to do this ?

P.S. The few hundred students mentioned above are IT students ;-)

Thanks,

- Nayana

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html