Bastien Koert wrote:
php is not the only language susceptible to x-browser attacks... seems unfair to single it out.

Why not? It's the only one I've seen that actually has hackability built in! (see below) So it singles itself out, that's the whole point :)

And as previously pointed out, many times it's the developer's fault for writing that insecure code

Yes, developer writes cross-site scripting susceptible code = developer's fault

* but if a script has *only* this as its content:

 <? phpinfo(); ?>

And *that* script has cross-site vulnerabilities, is the programmer at fault for writing bad code?

No, he's at fault for using PHP

I rest my case ;)

The only solution is to upgrade the binary.

That SUCKS big time!

