PHP Listers,
I was just reading about "Hardened PHP", and the debate between
those who thinks it's a good idea and those who think it will allow for
lazy coding. I'm firmly of the belief that any new security feature is a
good thing. If for no other reason that it will help me stay secure
while I am in the process of learning how to be more secure on my own.
But one question that came up in my mind while reading about PHP
security is exactly where does the risk lie? Specifically, I wonder if
in my own case if there is much of a risk. I almost exclusively use PHP
to draw from data held within a MySQL database on the same server. I do
not allow users to upload files. I suppose the most that I allow users
to do is input some information like email addresses, user names and
passwords. But it seems to be harmless text that gets stored in the
database. I can't see how it could be manipulated to store and/or
execute a script of any kind.
Are there open ports to access PHP that I don't know about?
Wouldn't someone have to be able to telnet in before doing anything with
PHP (and if they had got that far, would they even need PHP to do their
damage)?
I must be missing something. It seems to me that all of what PHP
does, or at least what I use it for, all takes place on the server
without doors for user access. Either my use of PHP is limited to a
fairly small section of it's capabilities and so I don't encounter
risks, or there is some other route to access PHP functions that I'm not
aware of.
Can someone please shed a little light on this matter? Naturally
I want to try and be as secure as possible.
--
Yoroshiku!
Dave G
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
