At 12:36 27/07/2001, Brian Tanner wrote:
>Differently - sometimes
>Dangerously - Never

I think that this means that this is a quite serious, and mind-bogglingly 
common, security flaw.  When your app behaves differently, there's a one out 
of two, or one out of five, or one out of ten chance that this can be 
exploited for bad purposes.  Most security exploits originate in an 
application which behaves in a way that the author did not anticipate.  In 
your case, you're either lucky, talented, or both.  My view is that if your 
apps can behave differently, chances are that there's a huge number of 
other apps which can also be manipulated to behave differently, and quite a 
few of them can be manipulated into doing 'dangerous' things.

Zeev


-- 
PHP Development Mailing List <http://www.php.net/>