RE: PHP security (or the lack thereof)

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: PHP security (or the lack thereof)
From: "Geo." <geoincidents@xxxxxxx>
Date: Mon, 26 Jun 2006 12:06:42 -0400
Importance: Normal
In-reply-to: <c8bcda7ee680e88e0967594fe76a0646@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

...
>   "The configuration flexibility of PHP is equally rivalled by the code
> flexibility. PHP can be used to build complete server applications,
> with all the power of a shell user, or it can be used for simple
> server-side includes with little risk in a tightly controlled
> environment. How you build that environment, and how secure it is, is
> largely up to the PHP developer."

And is the default install wide open or tightly controlled? I mean from a
security standpoint we have been screaming for years at Microsoft to change
their defaults to firewall on and things locked instead of open.

Is php secure by default when it's installed on a server?

Geo.

Follow-Ups:
- Re: PHP security (or the lack thereof)
  - From: Mrten
- Re: PHP security (or the lack thereof)
  - From: Matthias Kestenholz
- Re: PHP security (or the lack thereof)
  - From: Paul Schmehl

References:
- Re: PHP security (or the lack thereof)
  - From: Ronald Chmara

Prev by Date: Re: Opera 9 DoS PoC
Next by Date: Claroline Cross-Site Scripting Vulnerabilities
Previous by thread: Re: PHP security (or the lack thereof)
Next by thread: Re: PHP security (or the lack thereof)
Index(es):
- Date
- Thread