Russell Nelson wrote: > Stefan Esser writes: > > I agree with Rasmus. Remote URL Includes are dieing out. > > That's not what Rasmus said. > > > Most released advisories are SQL Injections nowadays and well maybe > > Russells next mail says: mysql_query() considered harmful. > > When the top Google result for 'php security flaw' returns > mysql_query() instead of include(), I will agree that you are correct.
I am not sure a Google search is a very good barometer here. I'd like to think that we are pretty good at staying on top of the security problems reported in PHP-related applications and as such have a pretty good idea of what the top problems are. I rarely see these url_fopen issues anymore. Perhaps 2 years ago, but today it really doesn't seem like it is even in the top 10 PHP security problems. If you could order your serach results by date I bet you'd see that a number of these entries are quite old. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
