Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10
At 07:30 AM 12/29/2004, Jerry Bell wrote:
>At the end of the day, PHP isn't really the problem. The problem is that
>people are not taking the time to learn how to code securely given the
>tool they are using.
In this case, the problem is really not the language but the Web itself.
Preserving the state of an ongoing transaction in a secure and tamper-proof
manner is a thorny problem regardless of language -- and it has gotten
harder because the abuse of cookies to invade privacy has caused so many
people to restrict them or turn them off. Absent a default solution that's
already been honed for security, programmers will tend to cut corners or
will have to learn security basics from scratch -- the hard way.
--Brett Glass
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 9 之 18 篇):