On Thursday 22 February 2007, Dan Cowsill wrote: > Actually, I'd be pretty interested in what you have to rant about > PHP. I run apache with php_mod installed and have the http port open. > Is there a security risk I should be aware of?
The problem is not so much with php itself - that' s just a language. If the langauge were at fault, we'd have to chuck C becuase of all the exploits that are possible when you code in it. The problem is that php enables every kid and his dog to put an interactive site up on the net. So, every kid and his dog does. All the while making coding mistakes that open holes. Forum software seems especially prone. Apache and php_mod themselves are as safe as is reasonable, at least I haven't seen many weaknesses reported on those two packages. To know if you should be taking extra security precautions, watch for security advisories about the php apps you have running alan -- Optimists say the glass is half full, Pessimists say the glass is half empty, Developers say wtf is the glass twice as big as it needs to be? Alan McKinnon alan at linuxholdings dot co dot za +27 82, double three seven, one nine three five -- [email protected] mailing list
