Safe PHP a Contradiction in Terms
18-05-2005, 22:22
#1
Ghost Process Killer
Join Date: Oct 2003
Location: 2nd CPU to the right & past the cache
Posts: 1,864
Safe PHP a Contradiction in Terms
Whilst browsing I came across this recent article.
I wonder what the PHP users of this forum think?
Safe PHP a Contradiction in Terms?
http://www.viruslist.com/en/weblog?d...40463&return=1
__________________
Yesterday it worked. Today it is not working. VM is like that.
Three things are certain: Death, taxes and lost data. Guess which has occurred ?
Last edited by MetaWraith; 18-05-2005 at 22:24.

18-05-2005, 22:38
#2
Busy Admin
Join Date: Oct 2003
Location: Nottingham
Age: 45
Services: VM Phone : Sky+ Multiroom : VM Cable (20 Mbps)
Posts: 14,486
Re: Safe PHP a Contradiction in Terms
So, the programmer who wrote the script made it include any file in the supplied parameter (local or remote) and hence execute it - basically allowing anyone to run anything on the server - anyone who does such a stupid thing should never be allowed near code again.
__________________
Click here for a real, interactive, tv guide.
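
The include-from-parameter pattern described in post #2, shown beside a hardened form. This is an added example, not part of the thread or the linked article; the parameter name `page`, the `pages/` directory, the page names and the function `resolve_page()` are assumptions made for illustration.

```php
<?php
// Added example. The parameter name "page", the pages/ directory and
// resolve_page() are hypothetical names chosen for illustration.

// Pattern described in the post: the request value goes straight into
// include, so the caller decides which file (local, or remote when URL
// includes are enabled in php.ini) gets executed.
//
//     include $_GET['page'];

// Hardened form: the request value is only a lookup key into a fixed map.
// No part of it ever becomes a filesystem path or a URL.
const PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-strings are rejected outright,
    // as is any string that is not one of the known keys.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

// Constructed sample inputs: one legitimate key, then a remote URL,
// a directory traversal and an array-valued parameter.
$samples = ['news', 'http://example.invalid/x.txt', '../../etc/passwd', ['home']];
foreach ($samples as $value) {
    $path = resolve_page($value);
    printf("%-34s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected (404)');
}

// In a front controller (not run here, since pages/ is hypothetical):
//
//     $path = resolve_page($_GET['page'] ?? 'home');
//     if ($path === null) { http_response_code(404); exit; }
//     require $path;
```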

18-05-2005, 23:02
#3
Join Date: Jul 2003
Location: Poole, Dorset
Age: 23
Services: Sky+
V-Box
VM 10MBit
Posts: 9,811
Re: Safe PHP a Contradiction in Terms
What an idiot... Almost as bad as
PHP Code:
<?php system($_GET["command"]); ?>
or something along those lines

18-05-2005, 23:37
#4
cf.mega poster
Join Date: Jun 2003
Age: 29
Posts: 6,273
Re: Safe PHP a Contradiction in Terms
What a load of BS.
ASP is more dangerous IMO (and in my experience) because "it just works" - just like those wireless routers that you can buy in the shops with the least secure settings already preset.
A proper programmer would know how to secure it.
That article is totally redundant.

18-05-2005, 23:42
#5
Cable Forum Team
Join Date: Jun 2003
Location: It's Lahndun, Innit?
Age: 37
Services: Virgin for TV, BT for phone and Be* for Broadband.
Posts: 17,477
Re: Safe PHP a Contradiction in Terms
Just goes to show that ANY language can be dangerous..
__________________
Just to make it clear if a post is bold and is from a team member, it's a moderating decision. If it's not bold or not from a team member, it's not.
"This is an important announcement. This is flight 121 to Los Angeles. If your travel plans today do not include Los Angeles, now would be a perfect time to disembark."

18-05-2005, 23:59
#6
Ghost Process Killer
Join Date: Oct 2003
Location: 2nd CPU to the right & past the cache
Posts: 1,864
Re: Safe PHP a Contradiction in Terms
I guess you lot pass the test then.
The comments above are more or less what I expected, and mirror my own point of view that it was careless/negligent programming that resulted in the hack.

19-05-2005, 08:28
#7
cf.mega poster
Join Date: Oct 2003
Location: Portsmouth
Age: 30
Posts: 1,684
Re: Safe PHP a Contradiction in Terms
Any language is as dangerous, it just depends on who codes it. ASP can be secure, PHP can be secure; if the coder does not know how to do this then it's poor programming... IMHO

19-05-2005, 08:48
#8
I am not a geek!
Join Date: Jul 2003
Posts: 1,395
Re: Safe PHP a Contradiction in Terms
Quote:
|
Originally Posted by Zeph
What an idiot... Almost as bad as
PHP Code:
<?php
system($_GET["command"]);
?>
or something along those lines
|
That's not bad per se because it can be an easy way for remote admin of a machine, it's just if you do use it you need to be sure of securing it.