Re: [PHP] PHP Security: Best Practices

On 8 August 2011 15:08, Jen Rasmussen wrote: > Hello all, > > > > I am currently researching security best practices/methods. Can anyone offer > any current resources/recommendations? > > My research thus far has included password hashing with salting/stretching, > session hash defaults, session m

Re: [PHP] PHP Security: Best Practices

> I am currently researching security best > practices/methods. Can anyone offer > any current resources/recommendations? That is a huge arena and the question can not be answered very well without describing what you are needing to protect. Security in debth depends upon what you are protecting a

RE: [PHP] PHP Security: Best Practices

Thanks, Andrew! I am unfortunately not even running 5.2..so that helps. Jen -Original Message- From: Andrew Ballard [mailto:aball...@gmail.com] Sent: Monday, August 08, 2011 9:57 AM To: j...@cetaceasound.com Cc: php-general@lists.php.net Subject: Re: [PHP] PHP Security: Best Practices

Re: [PHP] PHP Security: Best Practices

On Mon, Aug 8, 2011 at 10:08 AM, Jen Rasmussen wrote: [snip] > > On a side note, PHP versions prior to 5.3+ do not allow to set the httponly > flag as a cookie parameter, is there any acceptable alternative for this? I believe that has been supported since 5.2.0. As for a workaround for versions

[PHP] PHP Security: Best Practices

Hello all, I am currently researching security best practices/methods. Can anyone offer any current resources/recommendations? My research thus far has included password hashing with salting/stretching, session hash defaults, session management & authentication, and prepared statements via PDO

Re: [PHP] PHP Security

its -Grant - Original Message - From: "Phpster" To: "Grant Peel" Cc: Sent: Tuesday, June 02, 2009 5:53 PM Subject: Re: [PHP] PHP Security H, how about some details on OS, etc Bastien Sent from my iPod On Jun 2, 2009, at 17:26, "Grant Peel"

Re: [PHP] PHP Security

> On Jun 2, 2009, at 17:26, "Grant Peel" wrote: > > I am currently setting up the next generation web server for our > company and am in need of general consulting/advice on php set up > security issues. For "general" considerations, start here: http://www.php.net/manual/en/security.general.

Re: [PHP] PHP Security

H, how about some details on OS, etc Bastien Sent from my iPod On Jun 2, 2009, at 17:26, "Grant Peel" wrote: Hi all, I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues. Any one with kno

[PHP] PHP Security

Hi all, I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues. Any one with knowledge and expierience please feel free to reply :-). -Grant

Re: [PHP] php security books

On Jul 4, 2007, at 3:22 AM, Ross wrote: http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350? initialSearch=1&url=search-alias%3Daps&field- keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recom

Re: [PHP] php security books

At 11:22 AM +0100 7/4/07, Ross wrote: http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350?initialSearch=1&url=search-alias%3Daps&field-keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recommend one of t

[PHP] php security books

http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350?initialSearch=1&url=search-alias%3Daps&field-keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recommend one of these or any other that will give me a

[PHP] PHP Security!!! www.armorize.com

Hi, I would like to introduce a new tool for verifying your PHP application's security. Our product uses the most advanced static source code analysis for identifying vulnerabilities in PHP code. Right now we are working with our version 1.17 which has improved functionality, speed and cover

RE: [PHP] php security

> > Cool Chris I'm going to take a look at that movie. Dallas there is a > section at the top of the ini file that lists some directives and > their status to address security or performance issues, but as Chris > mentioned your code could be as big of a risk as anything so pay > attention to th

Re: [PHP] php security

Cool Chris I'm going to take a look at that movie. Dallas there is a section at the top of the ini file that lists some directives and their status to address security or performance issues, but as Chris mentioned your code could be as big of a risk as anything so pay attention to that. On 4/6/0

Re: [PHP] php security

php.ini-anal-retentive-paranoid. I'm editing mine for that right now, everything is off, the sever has a keyboard, mouse, monitor no cd/dvd, no floppy, no usb and is unplugged from the network, there are 6 security guards that surround you and they give you 5 minutes on a timer. On 4/6/06, Kevin

Re: [PHP] php security

Dallas Cahker wrote: I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. Although there are some directives worth disabling (register_globals, magic_quotes_gpc, allow_url_fopen), most vulnerabilitie

Re: [PHP] php security

Dallas Cahker wrote: I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. I'm making sure the apps we come out with dont allow sql injections, or form injections and so forth, I have just seen some pos

Re: [PHP] php security

I would look here for an idea. http://phpsec.org/projects/guide/ I think you'll find many opinions on the matter. One thing to remember is that once the app goes live your job doesnt stop there you'll need to be just as stringent about security and checking logs and errors as you were when you we

[PHP] php security

I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. I'm making sure the apps we come out with dont allow sql injections, or form injections and so forth, I have just seen some posts about magic quotes an

Re: [PHP] PHP Security

Richard Lynch wrote: The actual text is: "...in a Web service protocol FOR PHP" Good catch. The summary sent to the list was: "A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers." Thank

Re: [PHP] PHP Security

On Fri, August 26, 2005 12:32 am, Chris Shiflett wrote: > Of course, if you ever see a news story that describes PHP as a web > service protocol, you probably want to stop reading immediately. :-) The actual text is: "...in a Web service protocol FOR PHP" ^^^ [emphasis

Re: [PHP] PHP Security

Of course, if you ever see a news story that describes PHP as a web service protocol, you probably want to stop reading immediately. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ Actually, I wanted to read more, just to find out how badly things were

Re: [PHP] PHP Security

At 02:37 AM 8/26/2005, Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in

Re: [PHP] PHP Security

Santosh: Personally what I think you did wrong, was to simply paste the header of that news article into your email. You simply said that PHP was hit by another security hole, that allowed crackers(sometimes incorrectly refered to as hackers), to gain access to any php service. I don't think you wo

Re: [PHP] PHP Security

Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in php mailing list. The

Re: [PHP] PHP Security

Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. Jasper is trying to make sure people know the truth. Articles like the one you mentioned are doing quite the opposite. I am sorry if i did something

Re: [PHP] PHP Security

As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in php mailing list. Jasper Bryant-Greene wrote:

Re: [PHP] PHP Security

Ian C. McGarvey wrote: > I have been studying PHP all summer because I wanted to put some > PHP code on my schools web site. I got to school and went to the > web design teacher. I asked him if they had installed PHP on their > server. He said that the district thinks that it would be a HUGE > sec

Re: [PHP] PHP Security

Santosh Jambhlikar wrote: also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,

Re: [PHP] PHP Security

also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html Ian C. Mc

[PHP] PHP Security

I have been studying PHP all summer because I wanted to put some PHP code on my schools web site. I got to school and went to the web design teacher. I asked him if they had installed PHP on their server. He said that the district thinks that it would be a HUGE security risk and that people at

Re: [PHP] PHP security

Thanks everyone for your input. I was just curios since everyone is so concern about security, yet some messageboards/CMS use passwords for their databases on the index page or an include. -- ...hG http://www.helmutgranda.com "Robby Russell" <[EMAIL PROTECTED]> wrote in message news:[EMAIL

Re: [PHP] PHP security

On Fri, 18 Feb 2005 11:42:36 +, John Cage <[EMAIL PROTECTED]> wrote: > you could also encrypt the file using one of the encoders that are out > there. Some are free and some are paid for Never thought of that ;-) http://www.zend.com/store/products/zend-encoder.php?home (Commercial) http://www

Re: [PHP] PHP security

you could also encrypt the file using one of the encoders that are out there. Some are free and some are paid for -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP security

On Thu, 17 Feb 2005 20:47:28 -0600, .hG <[EMAIL PROTECTED]> wrote: > > It makes me wonder how secure in reallity it is to place your UN and > Passwords on a PHP file. > Best idea is to place such information in an include file, which you can call using the include() or require() statements -

Re: [PHP] PHP security

--- ".hG" <[EMAIL PROTECTED]> wrote: > While back I read in an article that placing UN and PASSwords in a PHP > was not secure. Well, that's very subjective. In a shared hosting environment, it certainly does pose a risk. If you place it within document root (don't do that), it poses a signifi

Re: [PHP] PHP security

On Thu, 2005-02-17 at 20:47 -0600, .hG wrote: > While back I read in an article that placing UN and PASSwords in a PHP was > not secure. couple of open source programs that I have seen they have for > example > > $database = ; > $username = ; > $password = ; > > It makes me wond

[PHP] PHP security

While back I read in an article that placing UN and PASSwords in a PHP was not secure. couple of open source programs that I have seen they have for example $database = ; $username = ; $password = ; It makes me wonder how secure in reallity it is to place your UN and Passwords on a

RE: [PHP] PHP Security Consortium

Chris Shiflett on Sunday, January 30, 2005 10:19 PM said: > The PHP Security Consortium has officially launched. The following is > the press release: Oooh cool! This looks to be a great resource. Keep up the good work Chris. Another, Chris. -- PHP General Maili

[PHP] PHP Security Consortium

The PHP Security Consortium has officially launched. The following is the press release: -- Leading PHP Experts Join Forces to Establish the PHP Security Consortium NEW YORK, NY - January 31, 2005 - An international group of PHP experts today announced the official launch of the PHP Security Con

[PHP] PHP Security Advisory

http://www.hardened-php.net/advisories/012004.txt -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security

> There are better ways to do this than parsing .jpg files as PHP. One > obvious one is: > > http://example.org/image.php/foo.jpg I believe this broke on a very very very obscure version of IE -- Maybe even the re-branded IE I ran into one time [shudder]. In theory, it was just IE X.xx.yy, but it

Re: [PHP] PHP Security

--- Richard Lynch <[EMAIL PROTECTED]> wrote: > There are times when one needs to parse a file that ends in .jpg > (or .jpeg) as PHP. I can't think of any, unless it's prove that you can do it. :-) > Specifically, broken browsers (various versions of IE) that ignore > Content-type: headers and use

Re: [PHP] PHP Security

Rory Browne wrote: >> There are times when one needs to parse a file that ends in .jpg (or >> .jpeg) as PHP. >> >> Specifically, broken browsers (various versions of IE) that ignore >> Content-type: headers and use the URL to determine the MIME type will >> not >> correctly display a URL such as: >

Re: [PHP] PHP Security

> There are times when one needs to parse a file that ends in .jpg (or > .jpeg) as PHP. > > Specifically, broken browsers (various versions of IE) that ignore > Content-type: headers and use the URL to determine the MIME type will not > correctly display a URL such as: > > http://l-i-e.com/gd_exa

Re: [PHP] PHP Security

Greg Donald wrote: > The other day a post came across one of those mailing lists discussing > PHP security. One of the posters was describing how insecure PHP's > file upload functionality is and went on to explain a simple method of > attaching exploit code to the end of a jpeg or other image for

Re: [PHP] PHP Security

--- Greg Donald <[EMAIL PROTECTED]> wrote: > The other day a post came across one of those mailing lists discussing > PHP security. One of the posters was describing how insecure PHP's > file upload functionality is and went on to explain a simple method of > attaching exploit code to the end of a

[PHP] PHP Security

I subscribe to a number of security mailing lists as I suspect many of you do, being developers and all. The other day a post came across one of those mailing lists discussing PHP security. One of the posters was describing how insecure PHP's file upload functionality is and went on to explain a

RE: [PHP] php security on shared hosts

Pablo, I tested Chris's script on our systems, and couldn't browse anywhere other than my own directories, so it is possible to set php up on shared hosts that is a lot more secure than what your host has done. May I ask what host this is ? Is it a major one ? Tim. At 02:09 PM 9/26/2004, Pablo G

Re: [PHP] php security on shared hosts

Ahhh...ok, now you're talking about something else. I thought we were just talking about the security model of PHP only. Yes, if a host has decided to offer another means for CGI that isn't safe, then that is another issue all together...;) I was just talking about PHP's security model. Safe mod

RE: [PHP] php security on shared hosts

[snip] In short, what you've found is typical for most shared hosts [/snip] I've just been reviewing the way sites are housed on my host, and what directories are readable by the web server and I'm curious to get opinions on this. When I use Chris' file browser script, there is a folder called 'v

RE: [PHP] php security on shared hosts

--- Pablo Gosse <[EMAIL PROTECTED]> wrote: > http://shiflett.org/articles/security-corner-mar2004 [snip] > Hi, Chris. Thanks for that link. It was incredibly informative. I'm glad you thought so. :-) > I just took your code for the file browser and it was able to > read the information in all u

RE: [PHP] php security on shared hosts

[snip] I just published a free article on my Web site about shared hosting: http://shiflett.org/articles/security-corner-mar2004 In short, what you've found is typical for most shared hosts, and safe_mode (a directive created to help mitigate this problem a bit) does little to help. However, ther

Re: [PHP] php security on shared hosts

On Monday 27 September 2004 02:26, Chris Shiflett wrote: > If you do not offer CGI access or any interpreter besides PHP, then I > suppose it's better than nothing, but I wouldn't characterize this as > safe. I suspect that if I were a user on this host, I could give you a URL > that displays anot

Re: [PHP] php security on shared hosts

--- Tim Traver <[EMAIL PROTECTED]> wrote: > I believe that is the reason that the PHP group came up with the > open_basedir directive. > > The open_basedir prevents you from looking into anything higher > than a particular directory tree using PHP. > > So, a combination of safe_mode and open_base

Re: [PHP] php security on shared hosts

Tim Traver wrote: Chris, I believe that is the reason that the PHP group came up with the open_basedir directive. The open_basedir prevents you from looking into anything higher than a particular directory tree using PHP. So, a combination of safe_mode and open_basedir should prevent your scri

Re: [PHP] php security on shared hosts

Oh, and I forgot, you can also specify specific include directories to be allowed for a particular user... Tim. At 09:47 PM 9/25/2004, Chris Shiflett wrote: --- Tim Traver <[EMAIL PROTECTED]> wrote: > I can guarantee that is not the way it is supposed to be. We > make sure that can't happen by ru

Re: [PHP] php security on shared hosts

Chris, I believe that is the reason that the PHP group came up with the open_basedir directive. The open_basedir prevents you from looking into anything higher than a particular directory tree using PHP. So, a combination of safe_mode and open_basedir should prevent your script from being able

Re: [PHP] php security on shared hosts

Pablo Gosse wrote: Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous. If you are really nervous you cannot use shared hosting. Simple as that. Even if other users don't access your stuff, the root user can. While it's against the system admin

Re: [PHP] php security on shared hosts

--- Tim Traver <[EMAIL PROTECTED]> wrote: > I can guarantee that is not the way it is supposed to be. We > make sure that can't happen by running in Safe mode, using the > open_basedir directive, and making sure the directory tree has > the correct permissions so the situation you described cannot

Re: [PHP] php security on shared hosts

--- Pablo Gosse <[EMAIL PROTECTED]> wrote: > Hi folks. I recently set up hosting for my site and have noticed > something which is making me nervous. > > I can't seem to include files outside of my webroot, so I wrote > a script to test permissions using passthru to output the results > of a bunch

Re: [PHP] php security on shared hosts

Pablo, As a shared hosting company myself (http://www.simplenet.com/), I can guarantee that is not the way it is supposed to be. We make sure that can't happen by running in Safe mode, using the open_basedir directive, and making sure the directory tree has the correct permissions so the situati

[PHP] php security on shared hosts

Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous. I can't seem to include files outside of my webroot, so I wrote a script to test permissions using passthru to output the results of a bunch of ls -la commands to see what I did and did not have

Re: [PHP] PHP Security Workbook

Thanks for the article Chris. Printing it out now and will read it later. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security Workbook

--- John Nichel <[EMAIL PROTECTED]> wrote: > Chris Shiflett wrote: > > This news is a bit old, but I have made the workbook for my > > OSCON tutorial freely available from this URL: > > > > http://shiflett.org/php-security.pdf > > > > It's a 55 page PDF that has a lot of information (more than >

Re: [PHP] PHP Security Workbook

Chris Shiflett wrote: This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. I hope you

Re: [PHP] PHP Security Workbook

Oh thank you for this information. This is very important for me to know. > Yes, this is another thing that I mention in the talk but failed to > include in the workbook. When this approach is being applied to a shared > hosting environment, you want to put the Include directive within a > Virtual

Re: [PHP] PHP Security Workbook

--- Octavian Rasnita <[EMAIL PROTECTED]> wrote: > I have also read that pdf document and I have found another > interesting advice. > > The author says that a good way of hiding the username/password > is to put a file that exports 2 environment variables in a directory > that can be read only by

Re: [PHP] PHP Security Workbook

t; To: "Burhan Khalid" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, August 15, 2004 4:05 PM Subject: Re: [PHP] PHP Security Workbook > --- Burhan Khalid <[EMAIL PROTECTED]> wrote: > > Most of the stuff was common sense to me (and I was glad I > >

Re: [PHP] PHP Security Workbook

--- Burhan Khalid <[EMAIL PROTECTED]> wrote: > Most of the stuff was common sense to me (and I was glad I > was doing those things unconsciously). That's good to hear. :-) Most of the people that have heard me give this talk (which is a few hundred now) have realized several vulnerabilities in th

Re: [PHP] PHP Security Workbook

Chris Shiflett wrote: This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. Nice articl

[PHP] PHP Security Workbook

This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. I hope you find it helpful. C

Re: [PHP] PHP security in a hosting environment

--- Ben Joyce <[EMAIL PROTECTED]> wrote: > one of my clients whom we host a website for has expressed interest > in writing their own php/mySQL applications for their site. > > i've been looking in to the security implications of offering this > service. How are you not offering it now? Can the c

Re: [PHP] PHP security in a hosting environment

From: "Ben Joyce" <[EMAIL PROTECTED]> > one of my clients whom we host a website for has expressed interest in > writing their own php/mySQL applications for their site. > > i've been looking in to the security implications of offering this service. > My concerns are that the client *could* use a

Re: [PHP] PHP security in a hosting environment

Ben Joyce wrote: hi. one of my clients whom we host a website for has expressed interest in writing their own php/mySQL applications for their site. i've been looking in to the security implications of offering this service. My concerns are that the client *could* use a php script to access parts

RE: [PHP] PHP security in a hosting environment

able to modify read-only scripts. Hope that's clear! Richard -Original Message- From: Ben Joyce [mailto:[EMAIL PROTECTED] Sent: 07 April 2004 11:30 To: [EMAIL PROTECTED] Subject: [PHP] PHP security in a hosting environment hi. one of my clients whom we host a website for has

[PHP] PHP security in a hosting environment

hi. one of my clients whom we host a website for has expressed interest in writing their own php/mySQL applications for their site. i've been looking in to the security implications of offering this service. My concerns are that the client *could* use a php script to access parts of the file syst

Re: [PHP] PHP security

no, but i suppose you have options available to prevent them, and it may be a sysadmins problem, but there is a good chance that it may be your fault, I can see how if you are a freelance devloper, it may look bad if the client wants to hire for another job, and your code was the flaw in an otherwi

Re: [PHP] PHP security

request floods and such are not the responsability of the programmer is it? Sounds more like a sys admin problem? i could be wrong. Jason "Martin Nicholls" <[EMAIL PROTECTED]> wrote: > > I know somebody who coded a PHP script that attempts to prevent post > flooding and some other potential sec

[PHP] PHP security

I know somebody who coded a PHP script that attempts to prevent post flooding and some other potential security 'flaws'. I know quite alot about PHP, some things are still beyond my knowledge. I was wondering if some people could have a look at it to see if it is a viable way of reducing secrity r

[PHP] PHP Security Issue?

Hi Everyone, Oddball error randomly shows up when accessing pages on my web hosting provider. The error message is below. My account is obb4wine. PHP behaves as if I'm the account budguy when the script error occurs. A page refresh usually makes the error go away. The error happens frequent

[PHP] PHP Security Advisory: CGI vulnerability in PHP version 4.3.0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0 Issued on: February 17, 2003 Software: PHP/CGI version 4.3.0 Platforms: All The PHP Group has learned of a serious security vulnerability in the CGI SAPI of PHP version 4.3.0.

Re: [PHP] Php security

--- Pushpinder Singh Garcha <[EMAIL PROTECTED]> wrote: > i wanted to check with if it is possible to see the > contents of a .php file. You can open any normal PHP script in a text editor. > I have heard of the Zend Encoder, but I was wondering > how could a person see my php script? If you use

[PHP] Php security

Hi all i wanted to check with if it is possible to see the contents of a .php file. I have heard of the Zend Encoder, but I was wondering how could a person see my php script ? Any information in this direction would be useful? TIA --Pushpinder Singh Garcha _ W

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0and 4.2.1

On Tue, 23 Jul 2002, Richard Lynch wrote: > This is excluding support contracts for software you paid for -- Once you > pay Oracle enough money for Support Contracts, they have pretty good > support, from what I hear... :-) They're attentive and responsive and about as knowledgeable as you could

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

>Well, I'm not sure about the 'you get what you pay for'. Some paid for >software has less support and documentation than PHP! In my experience, *ALL* paid-for software has less support and documentation than PHP. This is excluding support contracts for software you paid for -- Once you pay Orac

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

Well, I'm not sure about the 'you get what you pay for'. Some paid for software has less support and documentation than PHP! "Justin French" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Greg, > > Your attitude stinks. > > PHP is a FREE scripting language.

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

Hi, 1. Every peice of software has bugs - PHP still bugs - it always will have. Deal with it. 2. It is no-one's responsibility other than your own to *test the software*. Anyone using any form of software in a production environment has at least one test bed to install new versions of software o

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

> Who said anything about M$? I don't use their crappy products so I > don't have to deal with their security issues. I'm the one who brought up Microsoft, I'm saying it's a whole lot better then the alternatives. > If PHP 4.2 is unsafe then why is it listed at the top of the page for > down

RE: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

[snip] >Well, trying to updrade on Slackware Linux 8.0 and compiling with the GD >(1.8.4) libraries are giving us some headaches. Some of what seems to be >wrong; ... You're simply looking at the old PHP. You did stop/start Apache, right?... Cuz the new PHP won't kick in until you do. If so, al

RE: [PHP] PHP security bug and patch

restart apache > -Original Message- > From: Michal Dvoracek [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 23 July 2002 4:34 PM > To: Jason Soza > Cc: [EMAIL PROTECTED] > Subject: [PHP] PHP security bug and patch > > > Hello, > > when applying patch on ve

[PHP] PHP security bug and patch

Hello, when applying patch on version 4.2.1 then in phpinfo(); is still PHP Version 4.2.1 but SERVER_SOFTWARE: Apache/1.3.26 (Unix) PHP/4.2.2 mod_ssl/2.8.9 OpenSSL/0.9.6d-beta1 Regards, Michal Dvoracek [EMAIL PROTECTED] Capitol Internet Publisher, Korunovacni 6, 170 00 P

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

Greg, Your attitude stinks. PHP is a FREE scripting language. Think about the amount of money you are probably charging hosting clients, or charging in web or programming services, or making in site revenue, or whatever way you 'commercially function' through PHP. The register globals 'imposit

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0and 4.2.1

On Mon, 22 Jul 2002, Greg Donald wrote: > Not only did I get to re-write all my apps the past few months because of > the new register_globals default that was imposed by `the php group`... You didn't have to. The choice was given to you, for your own good. If you have very disciplined programm

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

>On Mon, 22 Jul 2002, Marko Karppinen wrote: > >> PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > >Not only did I get to re-write all my apps the past few months because of >the new register_globals default that was imposed by `the php group`... You could have just *CHAN

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0 and 4.2.1

>Well, trying to updrade on Slackware Linux 8.0 and compiling with the GD >(1.8.4) libraries are giving us some headaches. Some of what seems to be >wrong; > >phpinfo() does not show new build times for each compile, not seemingly a >caching problem (we have shut down browsers and then re-opened t

Re: [PHP] php security mailing list ...

skipped a few times, but you'll notice > people asking on every other list about what the changes are. > > - Original Message - > From: "Evan Nemerson" <[EMAIL PROTECTED]> > To: "Dario Bahena Tapia" <[EMAIL PROTECTED]>; > <[EMAIL PROTECT

Re: [PHP] php security mailing list ...

TECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 9:19 AM Subject: Re: [PHP] php security mailing list ... > php-announce sends out notices. > > > > On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > > Hi ... > > > > I want to be warned about

Re: [PHP] php security mailing list ...

php-announce sends out notices. On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > Hi ... > > I want to be warned about php security issues, I couldn't find > an exact match in the mailing list names ... which one do you > recommend me? > > Thanks in advance. > > saludos > dario estep

  1   2   >