Sorry for the split of threds, i dont have the original email. This is the answer from computerworld regarding the article http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html , >Thank you for taking the time to write in. I see your point. >The article should have said that there was a flaw in *a* Web service protocol *for* PHP. Saying "the PHP Web services protocol" may have given readers the wrong >idea. >However, this particular PEAR implementation is bundled with one of the newer release candidates of PHP (PHP 4.4.0RC2), at which point it gets difficult to determine >whether something is or is not part of "PHP." In any case, I have issued a clarification at >http://www.computerworld.com/news/corrections >Regards, -- Sharon Machlis Online Managing Editor Computerworld http://www.computerworld.com One Speen Street P.O. Box 9171 Framingham, MA 01701-9171 Phone: +1 508 820 8231 E-mail: sharon_machlis@xxxxxxxxxxxxxxxxx To: editor@xxxxxxxxxxxxxxxxx cc: letters@xxxxxxxxxxxxxxxxx (bcc: cweditor) Subject: PHP hit by another critical flaw (104124) Hello, This article is wrong, XML-RPC for PHP has a security flaw not PHP itself and php is not a Web Service Protocol. Angelo
