| 1 |
On Thursday 22 February 2007, Dan Cowsill wrote: |
| 2 |
> Actually, I'd be pretty interested in what you have to rant about |
| 3 |
> PHP. I run apache with php_mod installed and have the http port open. |
| 4 |
> Is there a security risk I should be aware of? |
| 5 |
|
| 6 |
The problem is not so much with php itself - that' s just a language. If |
| 7 |
the langauge were at fault, we'd have to chuck C becuase of all the |
| 8 |
exploits that are possible when you code in it. |
| 9 |
|
| 10 |
The problem is that php enables every kid and his dog to put an |
| 11 |
interactive site up on the net. So, every kid and his dog does. All the |
| 12 |
while making coding mistakes that open holes. Forum software seems |
| 13 |
especially prone. |
| 14 |
|
| 15 |
Apache and php_mod themselves are as safe as is reasonable, at least I |
| 16 |
haven't seen many weaknesses reported on those two packages. To know if |
| 17 |
you should be taking extra security precautions, watch for security |
| 18 |
advisories about the php apps you have running |
| 19 |
|
| 20 |
alan |
| 21 |
|
| 22 |
-- |
| 23 |
Optimists say the glass is half full, |
| 24 |
Pessimists say the glass is half empty, |
| 25 |
Developers say wtf is the glass twice as big as it needs to be? |
| 26 |
|
| 27 |
Alan McKinnon |
| 28 |
alan at linuxholdings dot co dot za |
| 29 |
+27 82, double three seven, one nine three five |
| 30 |
-- |
| 31 |
gentoo-user@g.o mailing list |
Archives