JSLabs Blog:
Is your website secure?
Mar 21, 2007 @ 08:12:00

In the spirit of the Month of PHP Bugs going on right now (March 2007), Justin Silverton has spotlighted just a few of them in a new entry to the JSLabs blog today.

He mentions issues like:

  • a header() issue that results from a call to it with an all-whitespace string
  • a session issue in PHP5 where an identifier isn't freed correctly
  • and an issue with the compress.bzip2 URL wrapper not following safe_mode or open_basedir restrictions (already corrected).

These are just a few of the bugs that have been reported during the month-long event, so check out php-security.org for the rest. He also points to the Suhosin patch that can help alleviate some of these issues.

tagged: secure monthofphpbugs2007 example