Full Disclosure mailing list archives
RE: AW: securing php
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Wed, 20 Aug 2003 14:20:16 +0200
But it is still another hurdle ;) Remember, security is the art of moving as many hurdles in the way as possible. Hopefully the attacker is exhausted before he reaches the last one. And, yes, I agree it is good to be always reminded that some of the hurdles are small ;)

Rainer
-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de]
Sent: Wednesday, August 20, 2003 11:07 AM
To: vogt () hansenet com
Cc: zorkshin () tampabay rr com; full-disclosure () lists netsys com
Subject: Re: AW: [Full-disclosure] securing php

vogt () hansenet com writes:

> You can enable PHP's "Safe Mode", which goes a long way to closing these holes, but it's not a 100% solution.

PHP uses many libraries which were not designed to cope with malicious input from the application. That's why PHP Safe Mode is unsafe *by* *design*.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html