[nycphp-talk] latest vulnerabilities...
Hans Zaunere
zaunere at yahoo.com
Tue Jun 10 12:15:55 EDT 2003
--- Chris Snyder <chris at psydeshow.org> wrote:
> Hans Zaunere wrote:
>
> >Like sendmail, I think we need to start a "Don't Blame PHP" campaign. All
> >except one of these issues are application-related - not PHP itself. Yet,
> >when talking with "outsiders" about PHP, a common theme is insecurity.
> >
> >
> The blessing and curse of the language is how easy it is for a relative
> novice to pick it up and cobble together a really powerful application,
> without knowing or caring about all the different ways that somebody
> could come along and abuse it. The fact that most PHP code operates in a
> hostile environment (the internet) compounds the perception problem.
>
> Look at it this way-- peer review has just upgraded security on seven
> different PHP projects! Maybe NYPHP should have a review team that pokes
> at member-submitted apps and checks for things like unescaped UIDs from
> cookies and cross-site-scripting opportunities.
This is a great idea. How could this get started? A blog? Forum? New
software?
H
>
> Thanks for posting that summary, Dan!
>
> chris.