Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Reindl Harald
On 11.08.2013 22:15, Stefan Kanthak wrote: > "Reindl Harald" wrote: >> On 10.08.2013 16:52, Tobias Kreidl wrote: >>> It is for this specific reason that utilities like suPHP can be used as a >>> powerful tool to at least keep the >>> account user from shooting anyone but him/herself in the

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Reindl Harald
On 11.08.2013 23:56, Stefan Kanthak wrote: > "Reindl Harald" wrote: >> again: >> symlinks are to not poison always and everywhere >> they become where untrusted customer code is running >> blame the admin which does not know his job and not >> the language offering a lot of functions where so

[ MDVSA-2013:211 ] lcms2

2013-08-12 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:211 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Coderaptor
I have been a silent spectator to this drama, and could not resist adding a few thoughts of my own: 1. All software, especially webservers, should ship with secure defaults. Period. It is a fundamental mistake to assume all admins who roll out web apps and maintain servers RTFM before rolling o

[SECURITY] [DSA 2737-1] swift security update

2013-08-12 Thread Thijs Kinkhorst
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2737-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst August 12, 2013

RE: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Peter Gregory
+1 PETER H GREGORY, C|CISO, CISA, CISSP, CRISC, PCI-ISA | Data Security Manager 428 Westlake Avenue North, Suite 388 | Seattle, WA 98109 peter.greg...@tommybahama.com | Skype peterhgregory | D: 206.905.5773 F: 206.905.5675 MAKE LIFE one LONG WEEKEND(tm) | TOMMYBAHAMA.COM -Original Message--

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Reindl Harald
On 12.08.2013 19:28, Coderaptor wrote: > I have been a silent spectator to this drama, and could not resist adding a > few thoughts of my own: > All software, especially webservers, should ship with secure defaults yes, but define secure defaults without a context hint: you can't > It is a f

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread George Machitidze
Heh, disable_functions and open_basedir are a bad example. They're not an Apache part - they're PHP, so forget about it. enable_functions is a very bad idea - the list of allowed ones would be too large for any business, development or user needs. That's why administrators (I do) read changelogs before u

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Jeffrey Walton
On Mon, Aug 12, 2013 at 1:28 PM, Coderaptor wrote: > I have been a silent spectator to this drama, and could not resist adding a > few thoughts of my own: > > 1. All software, especially webservers, should ship with secure defaults. > Period. It is a fundamental mistake to assume all admins who

CakePHP AssetDispatcher Local File Inclusion Vulnerability

2013-08-12 Thread 検査検査
CVE Number: N/A (not assigned) Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 (prior versions may also be affected) Credit: Takeshi Terada of Mitsui Bussan Secure Directio

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread coderaptor
On Mon, Aug 12, 2013 at 11:11 AM, Reindl Harald wrote: > > On 12.08.2013 19:28, Coderaptor wrote: > > I have been a silent spectator to this drama, and could not resist adding a > > few thoughts of my own: > > All software, especially webservers, should ship with secure defaults > > yes, but de

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread Brandon M. Graves
I hate to come late to the party, but following all of this, it is kind of ridiculous. I have to agree with those before in saying software should ship secure. In my environment, whenever we are given a new bit to add to our infrastructure, be it a new server, new version of an OS, or new version

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-12 Thread coderaptor
On Mon, Aug 12, 2013 at 2:45 PM, Reindl Harald wrote: > > On 12.08.2013 23:32, coderaptor wrote: >> Why can't enable_functions be pre-populated with known good functions, and >> everything else disabled? Again, >> sacrificing security convenience is the norm. > > if you would only have the slig