Found security expliot in port phpBB 2.0.8 FreeBSD4.10
Brett Glass
brett at lariat.org
Wed Dec 29 09:48:21 PST 2004
At 07:30 AM 12/29/2004, Jerry Bell wrote:
>At the end of the day, PHP isn't really the problem. The problem is that
>people are not taking the time to learn how to code securely given the
>tool they are using.
In this case, the problem is really not the language but the Web itself.
Preserving the state of an ongoing transaction in a secure and tamper-proof
manner is a thorny problem regardless of language -- and it has gotten
harder because the abuse of cookies to invade privacy has caused so many
people to restrict them or turn them off. Absent a default solution that's
already been honed for security, programmers will tend to cut corners or
will have to learn security basics from scratch -- the hard way.
--Brett Glass
More information about the freebsd-security
mailing list