Sorry for answering with a new question. But, what's if, say, the PHP-Parser crashes (or a filename is changed) and Apache returns the source. How is it simply possible to store passwords somewhere a httpd-users won't see it? (e.g. in the includes-Folder, am I right?) And are session-variables send per post or does the next script reads it from the session-file so nobody can't read them? Regars,
Jan Peuker ----- Original Message ----- From: "Miguel Cruz" <[EMAIL PROTECTED]> To: "Jay Fitzgerald" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 8:33 PM Subject: Re: [PHP] PHP Security > On Mon, 29 Apr 2002, Jay Fitzgerald wrote: > > Can someone point me in the right direction in determining just how secure > > PHP really is? > > What are you actually trying to find out? > > As far as actual security problems in PHP, where the interpreter behaves > contrary to documentation when provided with extraordinary inputs, the > team has been very responsive with fixes (in contrast with, say, > Microsoft). > > If you are wondering about the security of any given application developed > in PHP, well, that's up to the developers of that application. > > miguel > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
