Found security exploit in port phpBB 2.0.8 FreeBSD4.10

Brett Glass brett at lariat.org
Wed Dec 29 09:48:21 PST 2004


At 07:30 AM 12/29/2004, Jerry Bell wrote:
  
>At the end of the day, PHP isn't really the problem.  The problem is that
>people are not taking the time to learn how to code securely given the
>tool they are using.

In this case, the problem is really not the language but the Web itself. 
Preserving the state of an ongoing transaction in a secure and tamper-proof
manner is a thorny problem regardless of language -- and it has gotten
harder because the abuse of cookies to invade privacy has caused so many
people to restrict them or turn them off. Absent a default solution that's
already been honed for security, programmers will tend to cut corners or
will have to learn security basics from scratch -- the hard way.

--Brett Glass
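
An added example, not part of the original message or of phpBB: one way to carry transaction state without cookies (in a hidden form field or URL parameter) so that the server can detect tampering, using HMAC-SHA256 with an expiry. The key, the state fields and the function names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key (assumption); a real server loads a random secret
# that never leaves the server.
SECRET = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def seal_state(state: dict, ttl: int = 900, now: Optional[float] = None) -> str:
    """Serialize the state with an expiry and append an HMAC-SHA256 tag."""
    issued = time.time() if now is None else now
    body = dict(state, exp=int(issued + ttl))
    payload = b64e(json.dumps(body, sort_keys=True).encode())
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(tag)

def open_state(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the state if the tag verifies and it is unexpired, else None."""
    current = time.time() if now is None else now
    try:
        payload, tag = token.split(".")
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
        # Verify first, in constant time, so unauthenticated bytes never
        # reach the JSON decoder.
        if not hmac.compare_digest(expected, b64d(tag)):
            return None
        body = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return None
    if body.get("exp", 0) < current:
        return None
    return body
```

The tag gives integrity only: the client can still read the state, and a valid token can be replayed until it expires unless the server also tracks which transactions it has already completed.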


