My opinion differs from Rasmus in this case - I think that most of the points he makes in his study are quite accurate and well analyzed. Be sure to keep current when the next release of PHP comes out - it's going to provide infrastructure to handle some of the more dangerous issues that Shaun pointed out.
Zeev At 08:49 26/10/2001, Joseph Blythe wrote: >ok thanks, think I fall in that category too, but doing my best to change it >:) > >-----Original Message----- >From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] >Sent: Friday, 26 October 2001 4:05 PM >To: Joseph Blythe >Cc: [EMAIL PROTECTED] >Subject: Re: [PHP] security > > >Has been around for quite a while and pretty much all the points are >address right in the PHP documentation at http://php.net/security which is >a much more informed source to study. The guy who wrote that scarlet >report only had a very thin grasp of the concepts. > >-Rasmus > >On Fri, 26 Oct 2001, Joseph Blythe wrote: > > > just stummbled across this great study by Shaun Clowes on php security, >this > > is just the kind of information I have been looking for, thought others > > could also benefit from it. > > > > http://www.securereality.com.au/studyinscarlet.txt > > > > found during google search: PHP Security > > > > cheers, > > > > joseph > > > > > > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
