Re: PHP Security

At 02:37 AM 8/26/2005, Santosh Jambhlikar wrote:
As this is the PHP mailing list it is obvious that I should not write against PHP, but people should know the truth. And it's news (not by me); that's why I wanted to send the link to you people.
I am sorry if I did something wrong; I am a new user on the PHP mailing list.


Jasper Bryant-Greene wrote:

Santosh Jambhlikar wrote:

also

PHP HIT BY ANOTHER CRITICAL FLAW

A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html



You are spreading FUD about PHP. Stop it. If you actually *read* the article carefully you will find that not only is this not a PHP bug, but a bug with two XMLRPC libraries written *for* PHP. Not PHP itself. This is completely irrelevant to the original topic, as I didn't see the OP asking for XMLRPC security advice.

While you're at it, why not publish an article "PHP HIT BY ANOTHER CRITICAL FLAW" with the text "A new security flaw in my website, which is developed using PHP, surfaced today..."

Jasper



Santosh,

It's a good article, lousy and inaccurate headline, with an unfortunate mistake in describing a language as a protocol. Furthermore, if you look towards the bottom of the page, beneath the security blog and the links following, you will see that it was reprinted from TechWorld. So, alarmist filler with no fact-checking.

Nevertheless, there's a useful link to the probable source of the article at hardened-php; something many newspapers do not want to bother with.

So, for everyone unhappy about the headline and the "protocol" error,
mailto:php-general@xxxxxxxxxxxxx?SUBJECT=PHP%20Hit%20by%20another%20critical%20security%20flaw%20(104214)

Or click on the feedback button to the right of the headline.

And as for someone else's comment that it's OK to write against PHP, as long as it's factual. Right on!!

Miles
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

