I don't think PHP, setting safe_mode and register globals did a serious job
on 4.1.x versions and above.
Actually I would like to see those crappy problems being solved on PHP5 but
it seems nobody is thinking of it...
Any idea?
Julien
Julien Buratto wrote:
> I don't think PHP, setting safe_mode and register globals did a serious job on 4.1.x versions and above.
> Actually I would like to see those crappy problems being solved on PHP5 but it seems nobody is thinking of it...
> Any idea?
> Julien

What do you understand by crappy problems?
Regards,
knocte
> What do you understand by crappy problems?

With 'crappy problems' I mean something like the inability to let my script
create files on the userspace in a webhosting environment, to let a script
work without creating the file/modifying permissions via php_ftp functions...
All this happens when you install PHP with the default options...
Julien
With total disregard for any kind of safety measures "Julien Buratto" <ju************ ***@linkas.it> leapt forth and uttered:
>> What do you understand by crappy problems?
> With 'crappy problems' I mean something like the inability to let my script create files on the userspace in a webhosting environment, to let a script work without creating the file/modifying permissions via php_ftp functions...
> All this happens when you install PHP with the default options...
> Julien

This has nothing to do with PHP. It is a restriction imposed by
*nix filesystem permissions.
As with every programming language, the burden of writing secure
code lies ultimately with the developer. The vast majority of PHP
script security issues are the result of ignorance on the part of
the author. As you have unfortunately proved with the rather large
misconception you just put forward.
--
There is no signature.....
>>> What do you understand by crappy problems?
>> With 'crappy problems' I mean something like the inability to let my script create files on the userspace in a webhosting environment, to let a script work without creating the file/modifying permissions via php_ftp functions...
>> All this happens when you install PHP with the default options...
>> Julien
> This has nothing to do with PHP. It is a restriction imposed by *nix filesystem permissions.
> As with every programming language, the burden of writing secure code lies ultimately with the developer. The vast majority of PHP script security issues are the result of ignorance on the part of the author. As you have unfortunately proved with the rather large misconception you just put forward.

Well, this depends only on the experience taken with JSP, in which so many
security problems are solved at the underlying level because the philosophy
is that the programmer should be much more involved in real programming
than in being aware not to introduce security holes.
In fact, what I would like to understand is whether other developers feel the same
'security loneliness' as I do.
Julien
On Tue, 06 Jan 2004 10:27:45 GMT, "Julien Buratto" <ju************ ***@linkas.it> wrote:
>> What do you understand by crappy problems?
> With 'crappy problems' I mean something like the inability to let my script create files on the userspace in a webhosting environment, to let a script work without creating the file/modifying permissions via php_ftp functions...
> All this happens when you install PHP with the default options...

As has been said already, this is a Unix file permission issue. If you
give a directory the appropriate permissions you will be able to write
to it.
Safe_mode is for paranoid hosts. And register globals (off) simply
removes a particularly bad feature of early versions of PHP.
Other than that, the security concerns of PHP are no different from
any other web development platform.