The whole idea is that we offer help after you have exhausted all other
If security is an issue then I suggest getting on a security mailing list
and posting your questions.
Plus, it would be better if you found out how to solve the problems that are
associated with security...
Check on SSL and encryption...you could even go with Kerberos or secure LDAP
There are many options open...remember Google is your friend....
From: Jas [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 06, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: Anyone?
Ok, so you have pointed out a problem, now that you have been so kind to do
this could you please recommend how to resolve this?
"Jay Blanchard" <[EMAIL PROTECTED]> wrote in message
> I cannot believe that no one with a lot of PHP and MySQL experience has not
> replied to this post yet. Is PHP not a secure scripting language? I
> really like a little insight into this question, anyone?
> [rant warning!]
> I'll bite! ;-(
> A. You gave so much code that those of us on the list who may be working
> have not had time to set it all up and test it.
> 2. Security from what standpoint? That you can't be hacked? That people
> can't use your CMS without authorization? That your code is complicated
> enough to be impressive? Test your code...if it works you're good, if
> not...fix it.
> III. Your code is somewhat bloated, you don't have to go through
> you go through to assure yourself security. Is this for an Intranet? If so
> is the URL to the CMS accessible through the firewall? If for an Internet
> site have you thought about putting the CMS on an SSL?
> Dang...and D. PHP is secure. You may, to assuage any further fears,
> any username password information that gets transmitted from the login to
> the server the first time. That is very insecure. I could port sniff your
> butt to kingdom come and gain usernames and passwords all day long. You
> cannot believe that no one with a lot of PHP and MySQL experience has not
> replied to this post yet. I cannot believe that anyone asking about
> would transmit the initial login as plain text...so we're even.