Sorry for answering with a new question.
But, what's if, say, the PHP-Parser crashes (or a filename is changed) and
Apache returns the source. How is it simply possible to store passwords
somewhere a httpd-users won't see it? (e.g. in the includes-Folder, am I
And are session-variables send per post or does the next script reads it
from the session-file so nobody can't read them?

Jan Peuker

----- Original Message -----
From: "Miguel Cruz" <[EMAIL PROTECTED]>
To: "Jay Fitzgerald" <[EMAIL PROTECTED]>
Sent: Monday, April 29, 2002 8:33 PM
Subject: Re: [PHP] PHP Security

> On Mon, 29 Apr 2002, Jay Fitzgerald wrote:
> > Can someone point me in the right direction in determining just how
> > PHP really is?
> What are you actually trying to find out?
> As far as actual security problems in PHP, where the interpreter behaves
> contrary to documentation when provided with extraordinary inputs, the
> team has been very responsive with fixes (in contrast with, say,
> Microsoft).
> If you are wondering about the security of any given application developed
> in PHP, well, that's up to the developers of that application.
> miguel
> --
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to