Two years ago, I wrote a semi similar post to this one, but, well,
I'm old and tired of seeing this now. Time for folks to upgrade.
On Sep 10, 2007, at 9:38 PM, [EMAIL PROTECTED] wrote:
Application: PHP <=5.2.4
Web Site: http://php.net
Platform: unix
Bug: safemode & open_basedir bypass
==
On Jul 26, 2007, at 2:28 AM, Fady Anwar wrote:
A white paper about how to counter attack XSS attacks using AJAX
programming techniques
http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx
Failed assumptions = Flawed solutions.
Signing
On Jan 2, 2007, at 10:37 AM, Darren Reed wrote:
In some mail from Jim Harrison, sie said:
Again; I agree with and fully support the effort. What I'm trying to
point out is the literal impossibility of actually achieving "genuine
security" in either our code or the languages it's written in.
We
On Jun 24, 2006, at 3:42 PM, Darren Reed wrote:
In some mail from john mullee, sie said:
--- Darren Reed <[EMAIL PROTECTED]> wrote:
I guess most of the remaining offending apps were written in C: as
much as 96% ?!!
(including basically all of microsoft's stuff!!)
Surely the least secure langu
On Jun 21, 2006, at 4:52 PM, [EMAIL PROTECTED] wrote:
Trying to make the language 'safe' won't fix it because the language
is not the problem. The real problem is the way PHP is presented to
most new developers.
PHP has been introduced as a tool for the web developer. As a language
its goal is