Because it's easy and fashionable. Good old Perl has no luster now that PHP is here. A lot of the Linux magazines tout PHP with MySQL as close to the second coming. It's 42.

On 7/5/05, Gregg C Levine <[EMAIL PROTECTED]> wrote:
> Hello from Gregg C Levine
> Is it just me, or are the exact same PHP security risks being
> discussed on the security lists for Slackware? They keep posting newer
> packages with those complaints fixed. Or so it would seem.
>
> And if there are so many such problems surfacing, then why are so many
> sites being created with them?
> -----
> Gregg C Levine [EMAIL PROTECTED]
> ---
> "Remember the Force will be with you. Always." Obi-Wan Kenobi
>
> > -----Original Message-----
> > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
> > Post, Mark K
> > Sent: Tuesday, July 05, 2005 11:14 AM
> > To: [email protected]
> > Subject: Re: [LINUX-390] PHP-based Content Management Programs Under
> > Threat
> >
> > This type of problem is unfortunately all too common with PHP. The PHP
> > developers seem to have real problems with writing secure code. So much
> > so that some commentators have recommended completely avoiding the
> > package.
> >
> >
> > Mark Post
> >
> > -----Original Message-----
> > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
> > Jim Knox
> > Sent: Tuesday, July 05, 2005 7:39 AM
> > To: [email protected]
> > Subject: PHP-based Content Management Programs Under Threat
> >
> >
> > For those running some of the more popular content management systems
> > (php based), there is a security warning announced here:
> >
> > http://www.phpmag.net/itr/news/psecom,id,22674,nodeid,113.html
> >
> > fyi...........................Jim
> >
> >
> > 05.07.2005
> >
> > Popular free and open source blogging, wiki and content management
> > programs face a security threat in the way PHP programs handle XML
> > commands. According to James Bercegay, researcher at GulfTech Security
> > Research <http://www.gulftech.org/> who found the flaws, an attacker can
> > compromise a Web server through a security hole in the XML-RPC function.
> >
> > In two PHP libraries, PHPXMLRPC and Pear XML-RPC, the flaw allows
> > applications to exchange XML using remote procedure calls and fails to
> > check incoming data for malicious commands. Bercegay said the level of
> > the threat was "high risk" and affects popular PHP programs such as
> > PostNuke, Drupal, b2evolution, TikiWiki and others. The PHP libraries
> > have been updated, and are available for download. For developers who
> > cannot upgrade to the new libraries, disabling the XML-RPC functions has
> > been a recommended solution.
> >
> > PEAR XML_RPC 1.3.1 upgrade can be found here
> > <http://pear.php.net/package/XML_RPC/download/1.3.1>. The PHPXMLRPC
> > upgrade can be downloaded here
> > <http://sourceforge.net/project/showfiles.php?group_id=34455&package_id=26601>.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>

--
If it weren't for an American pointing a gun at the bad guys, you'd be a helluva lot worse off.
-Barbara Boxer
