[Ldsoss] Scout Tracking
Steven H. McCown
smccown at earthlink.net
Sat Aug 19 13:20:28 EDT 2006
I'm resending this since it bounced. Something about being over 40KB.
There are some more serious security implications with your choice of tools
(e.g., injections). Far from the definitive word, these are hotly debated,
demonstrated, and refuted. Here are a couple of blog articles that you
should research and consider re PHP:
- PHP Insecurity: Failure of Leadership (http://www.greebo.net/?p=320)
- PHP Security: Dumb Users or Dumb APIs?
(http://www.sitepoint.com/blogs/2006/01/24/php-security-dumb-users-or-dumb-apis/)
This is from last year's Blackhat, but it's fairly new and still relevant:
- Beefed up OWASP 2.0 introduced at BlackHat
(http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1111443,00.html) and (http://www.owasp.org/index.php/Main_Page)
How to harden this? It's a moving target. PHP6? Until it is released and
then I'll say PHP7. ;-)
The key is that if you don't *really* have to be web-accessible, then don't.
Steve