Dailydave mailing list archives
Re: Bouncing with PHP
From: Jeremy Kelley <jeremy () austin ibm com>
Date: Tue, 20 May 2008 17:48:40 -0500
Suhosin helps immensely by the simple fact that it disables remote file inclusions. That one feature alone would have stopped about 90% (made up statistic, don't know...) of the php app attacks from the last couple of years and before declare_globals was defaulted off.

-j

Quoting John Dangler (jdangler () terremark com):
How does Suhosin affect the odds in a PHP5 web application?
--
Jeremy Kelley <jeremy () austin ibm com>
Sr. Threat Analyst
gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D

That's the problem with science. You've got a bunch of empiricists trying to describe things of unimaginable wonder. -Bill Watterson
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave