Mailing List Archive



Re: [tlug] Prevent access shared server using PHP



Darren Cook writes:

 > P.S. The existence of suhosin is a better argument for PHP being
 > insecure (while also nicely quantifying the degree of the insecurity)
 > than any of the others I saw. ;-)

Then you missed the most important one: a lot of people who have
thought carefully about security don't trust systems incorporating
PHP.  *This is not an argument from authority.*

One, (not insecure) => secure is *false*.  The "law of the excluded
middle" doesn't hold here.

Two, security is about *systems*.  A secure system is supported.

In other words, if you want security, you want some *assurance* of
security.  The people whose opinions I trust here, *and would go to
for advice*, recommend something else.  Based on assurance and
support, I would certainly look elsewhere first, if security were
important to me.

It's possible that PHP is indeed secure, as normally deployed.  But
the burden of proof is on PHP advocates, given the software's history.

