On 2/21/07, Nate Abele <[EMAIL PROTECTED]> wrote:
> Despite the claims, I'm not so sure that most of these security
> issues couldn't be mitigated with a proper server configuration and a
> well-designed application. While I'm sure there are vulnerabilities
> that exist in a *stock* installation of PHP (especially in older
> versions where things like register_globals and allow_url_fopen were
> enabled by default... wait... is allow_url_fopen *still* enabled by
> default??), there's a lot you can do in terms of configuration to
> minimize your application's target profile.
>
> Also, I seem to remember Chris Shiflett having some clarifying
> comments on Stefan and his Suhosin project, so perhaps he could weigh
> in here (hint, hint ;-).

Hi Nate, top posting as usual I see.
So for the sake of argument, let's say there's a buffer overflow
vulnerability in getimagesize(), that could be exploited by a
carefully crafted jpeg. It doesn't matter at that point how careful
you were when you wrote your app. As soon as an attacker (er, script
kiddie) uploads a poison jpeg, she owns your server.
These are the kinds of bugs Esser is talking about, not the XSS or SQL
injection attacks that are typically the fault of an application
developer.
--
Chris Snyder
http://chxo.com/