While security is not job #1 for PHP (it's just a programming language), the PHP group has been doing a lot to make the default installs more secure in newer releases. It's up to the programmers to follow good programming practices when using PHP so their applications are secure.
So, really, you need to look at the applications you and your customers have that use PHP and make sure you have recent versions that do not have any known vulnerabilities. There are LOTS of bugs in many popular PHP apps out there. Sign up for the PHP-SEC mailing list to get notified when bugs/vulnerabilities are found so you know when to upgrade the apps you're using.
http://phparch.com/phpsec/
- Gabriel
----- Original Message ----
From: Danny Hembree <email@hidden>
To: Christian Enqvist <email@hidden>
Cc: email@hidden
Sent: Fri Jan 6 10:24:22 2006
Subject: Re: Securing PHP?
On Thu, 2006-01-05 at 08:46, Christian Enqvist wrote:
> We have a webserver with a couple of customers and they are all using
> PHP. Does anyone have any good tips on how to secure PHP (this is when
> you start flaming me for not being specific) or if we even have to
> worry about it? We have replaced the PHP installation from Apple for
> the one that Marc builds at Entropy because we needed support for GD
> so this is somewhat of a more general question about OS X Server and
> PHP vs Security.
PHP is intended to be a quick and easy way to put up web pages. Security
is not one of its features. If security is a concern, I would suggest
using Perl or Java.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden