Bugtraq mailing list archives
Re: Securing PHP or finding PHP alternatives
From: "Sheryl Coppenger" <gubydala () his com>
Date: Tue, 11 Jul 2006 10:50:09 -0400 (EDT)
Crispin Cowan wrote:
> Gezim Hoxha wrote:
>> 1.) If I have to write PHP, how do I write secure PHP? Give me a number of ensures that I can follow and check-mark each and live a happy life--for the most part.
> Program defensively:
> [snip]
> Test your system:
> [snip]

There's at least one book out on PHP security. Is there anyone here who has used it and has comments? I'm not experienced enough in PHP to judge:

Pro PHP Security by Chris Snyder and Michael Southwell
Apress © 2005 (528 pages) ISBN:1590595084

> Wrap it in AppArmor http://en.opensuse.org/AppArmor for when you screw up ^W^W don't do all the above perfectly.

But that's only available if you're using Suse, right? What about hardened PHP, modsecurity, putting Apache in a chroot jail, that sort of thing?

Sheryl