Bugtraq mailing list archives
Re: PHP security (or the lack thereof)
From: "Geo." <geoincidents () nls net>
Date: Thu, 22 Jun 2006 19:02:24 -0400
I think that any ability of the (l)users to expose executables as web services threatens the security of the web server machine, irrespective of programming language. (But I don't see how it threatens "the internet" -- they can already connect their own misconfigured machine to the net
directly) If I compromise your home machine, I've got one computer. If I compromise some webserver that hosts several hundred websites I've got a whole lot more options via all those exploits that require I lure you to my website. I also have whatever those websites are (suppose half of them are stores that process credit cards). Geo.
Current thread:
- Re: PHP security (or the lack thereof), (continued)
- Re: PHP security (or the lack thereof) Geo. (Jun 21)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 22)
- Re: PHP security (or the lack thereof) Neil Neely (Jun 19)
- Re: PHP security (or the lack thereof) john mullee (Jun 23)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 26)
- Re: PHP security (or the lack thereof) Ronald Chmara (Jun 27)
- Re: PHP security (or the lack thereof) Tonnerre Lombard (Jun 28)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 28)
- Re: PHP security (or the lack thereof) Darren Reed (Jun 26)
- Re: PHP security (or the lack thereof) Steven M. Christey (Jun 17)
- Re: PHP security (or the lack thereof) Alan J Rosenthal (Jun 21)
- Re: PHP security (or the lack thereof) Geo. (Jun 23)
- Re: Re: PHP security (or the lack thereof) nabiy (Jun 23)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 23)
- Re: PHP security (or the lack thereof) Daniel Hulme (Jun 26)
- Re: PHP security (or the lack thereof) Tobias J. Kreidl (Jun 26)
- Re: PHP security (or the lack thereof) Glynn Clements (Jun 27)
- Re: PHP security (or the lack thereof) Ronald Chmara (Jun 26)
- RE: PHP security (or the lack thereof) Geo. (Jun 26)
- Re: PHP security (or the lack thereof) Paul Schmehl (Jun 26)
- RE: PHP security (or the lack thereof) Geo. (Jun 28)
- Re: PHP security (or the lack thereof) Matthias Kestenholz (Jun 26)
- Re: PHP security (or the lack thereof) Crispin Cowan (Jun 23)