Fixing stupid PHP application design flaws

2005-04-28 Thread Martin Schulze
Hey! What do people on this list think about fixing PHP include files in a DSA that are accessible via HTTP as well and contain one bug or another as they are not supposed to be accessible via HTTP but accidentally are. I'm rather annoyed by the lack of competence of some PHP coders who manage

Re: Fixing stupid PHP application design flaws

2005-04-28 Thread Jeroen van Wolffelaar
On Thu, Apr 28, 2005 at 03:15:08PM +0200, Martin Schulze wrote: Hey! What do people on this list think about fixing PHP include files in a DSA that are accessible via HTTP as well and contain one bug or another as they are not supposed to be accessible via HTTP but accidentally are. I'm

Re: [SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution

2005-04-28 Thread Ulrik De Bie
http://www.debian.org/security/2005/dsa-718 the previous announcement already mentioned this prozilla as the fix instead of the ethereal package ..

Re: how to display the SSHd fingerprint

2005-04-28 Thread Dominic Hargreaves
On Thu, Apr 28, 2005 at 07:24:11PM +0200, martin f krafft wrote: How can I find out the SSHD key fingerprint given the local file? ssh-keygen -l Cheers, -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Re: how to display the SSHd fingerprint

2005-04-28 Thread martin f krafft
also sprach Dominic Hargreaves [EMAIL PROTECTED] [2005.04.28.1926 +0200]: How can I find out the SSHD key fingerprint given the local file? ssh-keygen -l Thanks! No way to do so from a script? echo /etc/ssh/ssh_host_dsa_key | ssh-keygen -l is a little ugly to parse... -- Please do

Re: Fixing stupid PHP application design flaws

2005-04-28 Thread Hans Spaans
Martin Schulze wrote: Hey! What do people on this list think about fixing PHP include files in a DSA that are accessible via HTTP as well and contain one bug or another as they are not supposed to be accessible via HTTP but accidentally are. Patching them like Squirrelmail has fixed this may

Re: Fixing stupid PHP application design flaws

2005-04-28 Thread Jean Christophe André
Hans Spaans wrote: It may be a better idea to start with PHP itself and ask during installation if the user wants to install a secure or insecure version of php4.ini. The same is done with setuid issues for example. Great idea! And I would suggest to have multiple choices, depending on the

Re: Fixing stupid PHP application design flaws

2005-04-28 Thread Javier Fernández-Sanguino Peña
On Thu, Apr 28, 2005 at 10:04:00PM +0200, Hans Spaans wrote: Is this going to solve the problems? Don't get me wrong, because I love your goal but I don't believe that what you are suggesting right now is going to solve the problems with PHP at this moment. Maybe it's an idea to get in contact with