Of course, out of all the language/(interfaces), it's one of the most insecure. I mean, beyond the code, the actual PHP interface and the environment--not due to your code. Languages like Perl, C, C++ suffer from bad code, whereas PHP itself suffers even if the code is solid. Definitely most of those insecurities in PHP itself are opened up by bad code though... but some are not... and mod_php and PHP as CGI both have a long history of pretty major bugs and insecurities nonetheless, not reliant upon the code only, such as would be the case with C/C++, Perl, etc.

--
Regards,
Tim Greer
[EMAIL PROTECTED]
Server administration, security, programming, consulting.

----- Original Message -----
From: "Richard Bennett" <[EMAIL PROTECTED]>
To: "Security Basics Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, June 30, 2003 5:31 PM
Subject: Re: Ten least secure programs


> I wouldn't include PHP as a program. Even though it's interpreted it's
> essentially the person who writes it who causes the insecurities, and it is
> very possible to write secure code. Main cause of insecure PHP apps is
> unsanitised variables which can be passed to the script through the GET
> request.
> Also - wireless networking is a little generalising ;)
>
> --
> Richard
>
> ----- Original Message -----
> From: "Chris Berry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Saturday, June 28, 2003 11:08 PM
> Subject: Ten least secure programs
>
>
> > I'm putting together a list of what seem to be the ten least secure
> > computer items in use today with the idea of having a set of things to
> > recommend AGAINST people using, probably to be posted on the IT room door
> > with a note like "NO, you cannot use the following!!". Here is what I have
> > so far, I'm looking for additions and comments. The list is in order, with
> > the worst offender being number one. These should be products whose
> > inherent design is flawed, not that are just difficult to secure. I expect
> > vigorous discussion. *putting on flame retardant garments* Oh, and leave
> > Operating systems out of this one.
> >
> > 1) Microsoft Outlook
> > 2) Telnet
> > 3) Sendmail
> > 4) IIS Server
> > 5) Wireless networking
> > 6) PHP
> > 7) ?
> > 8) ?
> > 9) ?
> > 10) ?
> >
> > Chris Berry
> > [EMAIL PROTECTED]
> > Systems Administrator
> > JM Associates
> >
> > "Within every man beats a heart of darkness."
> > --The Shadow
> >
> >
> > _________________________________________________________________
> > Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >
> > ---------------------------------------------------------------------------
> > Evaluating SSL VPNs? Consider NEOTERIS, chosen as leader by top analysts!
> > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> > while InStat has confirmed Neoteris as the leader in marketshare.
> >
> > Find out why, and see how you can get plug-n-play secure remote access in
> > about an hour, with no client, server changes, or ongoing maintenance.
> >
> > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> > ----------------------------------------------------------------------------
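Richard's point that most insecure PHP apps come down to unsanitised variables arriving through the GET request is easier to see next to code. The following is an added example, not code from anyone in this thread: a request handler written the careless way, and the same handler with input validation, parameter binding and output encoding. The `articles` table, its columns and the sample rows are constructed for the demo; it uses an in-memory SQLite database so it runs offline (it assumes the `pdo_sqlite` extension is available).

```php
<?php
// Added example (not from the original thread): the "unsanitised GET
// variable" pattern next to a hardened version of the same handler.
// Table name, column names and sample rows are constructed for this demo.
declare(strict_types=1);

// In-memory SQLite so the example runs offline (assumes pdo_sqlite is loaded).
function makeDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, secret INTEGER)');
    $pdo->exec("INSERT INTO articles VALUES (1, 'Public notice', 0), (2, 'Board minutes', 1)");
    return $pdo;
}

// UNSAFE: request parameters are dropped straight into SQL and into HTML.
// Whatever arrives in ?id=... becomes part of the query text, and whatever
// arrives in ?name=... becomes part of the page markup. Nothing checks
// that id is a number or that name is plain text.
function showArticleUnsafe(PDO $pdo, array $get): string {
    $id   = $get['id'] ?? '';
    $name = $get['name'] ?? 'guest';
    $row  = $pdo->query("SELECT title FROM articles WHERE id = $id AND secret = 0")
                ->fetch(PDO::FETCH_ASSOC);
    return "<p>Hello $name, you asked for: " . ($row['title'] ?? 'nothing') . '</p>';
}

// HARDENED: validate the type of each input, bind values as query parameters
// instead of interpolating them, and escape free text at the point of output.
function showArticleSafe(PDO $pdo, array $get): string {
    // 1. Validation: id must be a positive integer; anything else is rejected.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rawName = $get['name'] ?? 'guest';
    if ($id === false || !is_string($rawName)) {   // name[]=... arrives as an array
        return '<p>Bad request.</p>';
    }
    // 2. Parameter binding: the value can never change the shape of the statement.
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE id = :id AND secret = 0');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // 3. Output encoding: text is escaped for the context it lands in (HTML body).
    $name  = htmlspecialchars($rawName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $title = htmlspecialchars($row['title'] ?? 'nothing', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Hello $name, you asked for: $title</p>";
}

$pdo = makeDemoDb();
// A well-formed request: both versions produce the same page.
echo showArticleUnsafe($pdo, ['id' => '1', 'name' => 'Alice']), PHP_EOL;
echo showArticleSafe($pdo, ['id' => '1', 'name' => 'Alice']), PHP_EOL;
// A malformed id: the unsafe version would hand the text to SQLite as part of
// the statement; the safe version refuses it before any query is built.
echo showArticleSafe($pdo, ['id' => 'abc', 'name' => 'Alice']), PHP_EOL;
```

The three steps in the hardened handler are the usual split: reject inputs that are the wrong shape, keep data out of code by binding it, and encode whatever is echoed back for the context it is echoed into. Using `$_GET` directly in place of the `$get` array is a one-line change; the array is only there so the functions can be called from the command line.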
