NamePros
Posted by Rudy (thread starter), 02-22-2007, 06:35 PM, #1

"Month of PHP bugs" initiative


Hey folks,
I'm wondering how many of you are aware of this, and what you are thinking about doing with your code as a result. What security measures are you going to take, etc...? I'd also be interested in hearing more about this if anyone has more information. I was first told about this earlier today by our main PHP developer here at the school I attend (I'm a sophomore in college right now).

This is important stuff to be aware of, so if this is the first time you've heard about it, make sure to read below, follow the link, and do your own research. Security is important, friends.

Here's what I read on Slashdot:
"Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). During an interview with SecurityFocus he announced the upcoming Month of PHP bugs initiative in March."

Originally Posted by Stefan Esser
We will disclose different types of bugs, mainly buffer overflows or double free (/destruction) vulnerabilities, some only local, but some remotely triggerable... Additionally there are some trivial bypass vulnerabilities in PHP's own protection features... As a vulnerability reporter you feel kinda puzzled how people among the PHP Security Response Team can claim in public that they do not know about any security vulnerability in PHP, when you disclosed about 20 holes to them in the two weeks before. At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical. Additionally a few of the reported bugs have been known for years among the PHP developers and will most probably never be fixed. In total we have more than 31 bugs to disclose, and therefore there will be days when more than one vulnerability will be disclosed.
Source: http://developers.slashdot.org/article.pl?...18&from=rss

- David