On Thursday 22 February 2007, Dan Cowsill wrote:
> Actually, I'd be pretty interested in what you have to rant about
> PHP. I run apache with php_mod installed and have the http port open.
> Is there a security risk I should be aware of?

The problem is not so much with php itself - that's just a language. If
the language were at fault, we'd have to chuck C because of all the
exploits that are possible when you code in it.

The problem is that php enables every kid and his dog to put an
interactive site up on the net. So, every kid and his dog does. All the
while making coding mistakes that open holes. Forum software seems
especially prone.

Apache and php_mod themselves are as safe as is reasonable, at least I
haven't seen many weaknesses reported on those two packages. To know if
you should be taking extra security precautions, watch for security
advisories about the php apps you have running.

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@g.o mailing list