[PHP] Re: what is better for performance?

2005-12-11 Thread Martin Nicholls 
The question is null and void, the real question is which do you need to 
use, just because objects in php behave like arrays, that does not mean 
the are interchangeable in all cases. You don't create an object just 
for the sheer hell of it.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP security

2004-03-07 Thread Martin Nicholls 
no, but i suppose you have options available to prevent them, and it may be
a sysadmins problem, but there is a good chance that it may be your fault, I
can see how if you are a freelance devloper, it may look bad if the client
wants to hire for another job, and your code was the flaw in an otherwise
well coded site, or that sort of thing...

I don't know really, I was just wondering what people thought of it.. :P

"Jason Davidson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> request floods and such are not the responsability of the programmer is
> it? Sounds more like a sys admin problem?  i could be wrong.
>
> Jason
>
> "Martin Nicholls" <[EMAIL PROTECTED]> wrote:
> >
> > I know somebody who coded a PHP script that attempts to prevent post
> > flooding and some other potential security 'flaws'.
> >
> > I know quite alot about PHP, some things are still beyond my knowledge.
I
> > was wondering if some people could have a look at it to see if it is a
> > viable way of reducing secrity risks on PHP sites. You can download it
from
> > my site at http://www.streakyland.co.uk/ccisecurity.zip
> >
> > More info, an extract from the readme ->
> >
> > [What is the CCI Website Security Script?]
> >
> > The CCI Website Security Script is a drop-in PHP script designed to take
on
> > the burdon of dealing with certain common security problems in PHP
scripts.
> > It is made to be added to an existing script to provide immediate,
> > transparent security of varying types.
> >
> > Far, far too often you hear about free scripts having some common
> > vulnerability that has been seen a thousand times in other scripts -
people
> > just aren't careful enough when writing scripts.  This script is desiged
to
> > try to compensate for some of this carelessness.
> >
> > Some of the things it (supposedly) attempts to prevent / do ->
> >
> > HTTP REQUEST FLOODS, SCRIPT DISPLAY VULNERABILITIES, GENERAL FLOOD
> > PROTECTION, IP BANNING VIA .HTACCESS, HTML Source Viewing/Stealing
> >
> > Thanks for your time
> >
> > Streaky
> >
> > -- 
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP security

2004-03-07 Thread Martin Nicholls 
I know somebody who coded a PHP script that attempts to prevent post
flooding and some other potential security 'flaws'.

I know quite alot about PHP, some things are still beyond my knowledge. I
was wondering if some people could have a look at it to see if it is a
viable way of reducing secrity risks on PHP sites. You can download it from
my site at http://www.streakyland.co.uk/ccisecurity.zip

More info, an extract from the readme ->

[What is the CCI Website Security Script?]

The CCI Website Security Script is a drop-in PHP script designed to take on
the burdon of dealing with certain common security problems in PHP scripts.
It is made to be added to an existing script to provide immediate,
transparent security of varying types.

Far, far too often you hear about free scripts having some common
vulnerability that has been seen a thousand times in other scripts - people
just aren't careful enough when writing scripts.  This script is desiged to
try to compensate for some of this carelessness.

Some of the things it (supposedly) attempts to prevent / do ->

HTTP REQUEST FLOODS, SCRIPT DISPLAY VULNERABILITIES, GENERAL FLOOD
PROTECTION, IP BANNING VIA .HTACCESS, HTML Source Viewing/Stealing

Thanks for your time

Streaky

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php