DOES ANYBODY OUT THERE KNOW OF A GOOD COMEDY FORUM? OR A FREE REAL PLAYER
COMEDY CHANNEL? ALL THIS WORK CAN DRIVE A MAN MAD.

-------------------------------------------
Mark Webley
Multimedia design and development

WebleyCity Limited 
London  United Kingdom

[EMAIL PROTECTED]
[EMAIL PROTECTED]
Mobile: 07980 213 627

Fax/Tel: 0208 678 1721
Pager 07654 581816
http://www.webleycity.co.uk
-------------------------------------------




> From: Michael Sims <[EMAIL PROTECTED]>
> Date: Thu, 20 Dec 2001 22:42:34 -0600
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Re:  Mommy, is it true that...?
> 
> At 11:28 PM 12/20/2001 -0500, Billy Harvey wrote:
>>> Freshmeat.net is a very popular database of linux software and includes a
>>> wide variety of PHP scripts.  My point was that if you downloaded an
>>> insecure script from such a popular site then you are asking for trouble
>>> because chances are thousands of would-be hackers have ALSO downloaded the
>>> same script and have familiarized themselves with ways that it can be
>>> exploited...
>> 
>> So would you rather just use pre-compiled binaries from some company
>> that says "trust me"?
> 
> Sigh.  No.  The thread has meandered quite a bit, and you'd have to read
> the whole thing to see how we got to this point.  To summarize:
> 
> Someone made the point that you should always carefully check user
> submitted data, and provided an example using a poorly secured fopen()
> statement whereby a hacker could gain access to /etc/passwd.  I responded
> by saying that to do such a thing the hacker would have to know exactly how
> your code is written.  Someone else responded saying that this was indeed
> likely in shared hosting environments or open source software.  The above
> is me agreeing and saying "oh I didn't think of that".  Nowhere did I say
> that I think this is a disadvantage of OSS.
> 
> If you wish to extrapolate an argument from what I wrote above then here's
> a good one:  When you install software that could be a potential security
> risk then you should attempt to use well established, peer-reviewed OPEN
> SOURCE software and ideally review the code yourself to make sure it
> meets your standards of security and doesn't contain any nasty exploits.
> 
> See, I'm one of the good guys...a dot communist, just like you. ;-)
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 
> 

