From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
Date: Fri, 23 Feb 2007 09:17:07 +0200

On Thursday 22 February 2007, Dan Cowsill wrote:
> Actually, I'd be pretty interested in what you have to rant about
> PHP. I run apache with php_mod installed and have the http port open.
> Is there a security risk I should be aware of?

The problem is not so much with php itself - that's just a language. If the language were at fault, we'd have to chuck C because of all the exploits that are possible when you code in it.

The problem is that php enables every kid and his dog to put an interactive site up on the net. So, every kid and his dog does. All the while making coding mistakes that open holes. Forum software seems especially prone.

Apache and php_mod themselves are as safe as is reasonable, at least I haven't seen many weaknesses reported on those two packages. To know if you should be taking extra security precautions, watch for security advisories about the php apps you have running.

alan

-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five