I’m resending this since it bounced. Something about being over 40KB…

There are some more serious security implications with your choice of tools (e.g., injections). Far from the definitive word, these are hotly debated, demonstrated, and refuted. Here are a couple of blog articles that you should research and consider re PHP:

- PHP Insecurity: Failure of Leadership (http://www.greebo.net/?p=320)
- PHP Security: Dumb Users or Dumb APIs? (http://www.sitepoint.com/blogs/2006/01/24/php-security-dumb-users-or-dumb-apis/)

This is from last year’s BlackHat, but it’s fairly new and still relevant:

- Beefed up OWASP 2.0 introduced at BlackHat (http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1111443,00.html) and (http://www.owasp.org/index.php/Main_Page)

How to harden this? It’s a moving target. PHP6? Until it is released, and then I’ll say PHP7… ;-)

The key is that if you don’t *really* have to be web-accessible, then don’t.

Steve

_______________________________________________
Ldsoss mailing list
Ldsoss@lists.ldsoss.org
http://lists.ldsoss.org/mailman/listinfo/ldsoss