Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: AW: securing php

From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Wed, 20 Aug 2003 14:20:16 +0200
But it is still another hurdle ;) Remeber, security is the art of moving
as many hurdles in the way as possible. Hopefully the attacker is
exhausted before he reaches the last one. And, yes, I agree it is good
to be always reminded that some of the hurdles are small ;)

Rainer


-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de] 
Sent: Wednesday, August 20, 2003 11:07 AM
To: vogt () hansenet com
Cc: zorkshin () tampabay rr com; full-disclosure () lists netsys com
Subject: Re: AW: [Full-disclosure] securing php


vogt () hansenet com writes:


You an enable PHP's "Safe Mode", which goes a long way to
closing these holes, but it's not a 100% solution.


PHP uses many libraries which were not designed to cope with malicious
input from the application.  That's why PHP Safe Mode is unsafe *by*
*design*.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: