Sorry for the split of threds, i dont have the original email.
This is the answer from computerworld regarding the article http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html , >Thank you for taking the time to write in. I see your point. >The article should have said that there was a flaw in *a* Web service protocol >*for* PHP. Saying "the PHP Web services protocol" may have given readers the >wrong >idea. >However, this particular PEAR implementation is bundled with one of the newer >release candidates of PHP (PHP 4.4.0RC2), at which point it gets difficult to >determine >whether something is or is not part of "PHP." In any case, I have >issued a clarification at >http://www.computerworld.com/news/corrections >Regards, -- Sharon Machlis Online Managing Editor Computerworld http://www.computerworld.com One Speen Street P.O. Box 9171 Framingham, MA 01701-9171 Phone: +1 508 820 8231 E-mail: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: cweditor) Subject: PHP hit by another critical flaw (104124) Hello, This article is wrong, XML-RPC for PHP has a security flaw not PHP itself and php is not a Web Service Protocol. Angelo
