Re: Found security exploit in port phpBB 2.0.8 FreeBSD4.10
From: Brett Glass (brett_at_lariat.org)
Date: 12/29/04
Date: Wed, 29 Dec 2004 10:47:33 -0700
To: "Jerry Bell" <jerry@syslog.org>, "Sean Countryman" <sean@rackoperations.com>
At 07:30 AM 12/29/2004, Jerry Bell wrote:
>At the end of the day, PHP isn't really the problem. The problem is that
>people are not taking the time to learn how to code securely given the
>tool they are using.
In this case, the problem is really not the language but the Web itself.
Preserving the state of an ongoing transaction in a secure and tamper-proof
manner is a thorny problem regardless of language -- and it has gotten
harder because the abuse of cookies to invade privacy has caused so many
people to restrict them or turn them off. Absent a default solution that's
already been honed for security, programmers will tend to cut corners or
will have to learn security basics from scratch -- the hard way.
--Brett Glass
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"