FYI, I know that PHP doesn't get a lot in the way of respect in the realm of Software Security--and deservedly so--but there's a group that's trying to change that. They've released "Hardened PHP" version 0.1.1 -- see http://www.hardened-php.net/index.php for details.
Among its features are (in their own words): - memory_limit check relocation - Canary protection of the Zend Memory Manager - Canary protection of Zend Linked Lists - Protection against internal format string exploits - Protection against arbitrary code inclusion - Syslog logging of attackers IP Cheers, Ken van Wyk http://www.KRvW.com
