Re: How secure is PHP ?

["Gary E. Miller" <gem () rellim com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Nayana!

On Mon, 1 Nov 2004, Nayana Somaratna wrote:

> However, when browsing the web, I found an article which said that "it
> requires an expert to lockdown php" (Sorry, but I can't quite recall
> the URL).

Saying PHP in insecure is like saying C is insecure.  Until their is
a programmer involved, writing bad code, there is no problem.  Just like
C if the programmer carefully validates and contrains ALL input then
the program is not only secure but robust.

> So, I'd like to ask the members of this list - how difficult is it to
> secure php ? Do you really need a security "expert" to do this ?

PHP has very good write ups on security in the online doc.  Here is the
chapter:

        http://www.php.net/manual/en/security.php

If you can read, understand and FOLLOW those recomendatins then you are OK.
If not, then get the assistance of an "expert" that does.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBhoju8KZibdeR3qURAmzpAJ928ofMk+NqtWLPHNg/FwWQ7HE/UwCfVwpW
eANLHG73S0GOZcgi5zyIVW0=
=VsB9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html