
SitePoint PHP Blog:
PHP Security - Dumb Users or Dumb APIs?
January 25, 2006 @ 07:06:37

On the SitePoint PHP Blog today, there's a new post from Harry Fuecks with his take on the whole "PHP security" issue that's being tossed around lately.

There's another round of "Is PHP Secure?" debate happening right now. Chris drew attention to it, pointing to a post by Andrew van der Stock (who's a contributor to OWASP): PHP Insecurity: Failure of Leadership.

So the usual denials have been made (see replies to Chris's entry) - "Damn newbies", "Holes in PHP-based app != PHP insecure", etc., all of which I agree with. But...

He also mentions that this kind of talk could do more harm than good, making people who were on the edge lean back and take another look somewhere else. He gives an example, a short bit of PHP and HTML that illustrates a typical XSS problem, and asks whether it's the developer's fault for not knowing or the language's fault for not handling it right. He also touches on short tags and the use of filtering for all user input...


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework