<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: PHP Security Architecture - Contextual Overview</title>
	<atom:link href="http://www.greebo.net/2006/01/27/php-security-architecture-contextual-overview/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.greebo.net/2006/01/27/php-security-architecture-contextual-overview/</link>
	<description>mostly useless crap from me</description>
	<pubDate>Thu, 04 Dec 2008 20:45:23 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.6.5</generator>
		<item>
		<title>By: Miguel</title>
		<link>http://www.greebo.net/2006/01/27/php-security-architecture-contextual-overview/#comment-10269</link>
		<dc:creator>Miguel</dc:creator>
		<pubDate>Sun, 24 Jun 2007 15:56:45 +0000</pubDate>
		<guid isPermaLink="false">http://www.greebo.net/?p=323#comment-10269</guid>
		<description>Security through obscurity is no security at all, Oscar. How about they just make PHP a secure framework/language and stop encouraging bad practices. I still don't understand how PHP is so ubiquitous in today's market with its record. Not doing sanity checks on input is just stupidity.

As an example to stealth vs. smart coding: what happens when a php programmer just displays the content of a file without sanity checking? How is that not exploitable in a hidden system?

Learn to code properly and securely. There's not enough emphasis on security when learning and it should change.</description>
		<content:encoded><![CDATA[<p>Security through obscurity is no security at all, Oscar. How about they just make PHP a secure framework/language and stop encouraging bad practices. I still don&#8217;t understand how PHP is so ubiquitous in today&#8217;s market with its record. Not doing sanity checks on input is just stupidity.</p>
<p>As an example to stealth vs. smart coding: what happens when a php programmer just displays the content of a file without sanity checking? How is that not exploitable in a hidden system?</p>
<p>Learn to code properly and securely. There&#8217;s not enough emphasis on security when learning and it should change.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Oscar F. Durón</title>
		<link>http://www.greebo.net/2006/01/27/php-security-architecture-contextual-overview/#comment-5966</link>
		<dc:creator>Oscar F. Durón</dc:creator>
		<pubDate>Thu, 01 Feb 2007 19:12:54 +0000</pubDate>
		<guid isPermaLink="false">http://www.greebo.net/?p=323#comment-5966</guid>
		<description>Security is the never-ending story. Learn from nature. Which are the hardest viruses to kill? Those which change. Which is the best natural defence? Mimetize, stealth. Learn from the attackers (hackers): the first thing they do is hide. So the day I see an easy way to hide everything about my OS, my Apache server, that I am using PHP, and have a way to continuously change my command tokens, I think my system will be 99.99% secure. Then the problem will be the programmer's code; if he codes insecurely, it will be his problem. But these days, 90% of the programmer's tasks are dealing with the holes already mentioned, no matter how, but that is what we have to do. Stop constructing OS and language bunkers. We do not need turtles or armadillos.</description>
		<content:encoded><![CDATA[<p>Security is the never-ending story. Learn from nature. Which are the hardest viruses to kill? Those which change. Which is the best natural defence? Mimetize, stealth. Learn from the attackers (hackers): the first thing they do is hide. So the day I see an easy way to hide everything about my OS, my Apache server, that I am using PHP, and have a way to continuously change my command tokens, I think my system will be 99.99% secure. Then the problem will be the programmer's code; if he codes insecurely, it will be his problem. But these days, 90% of the programmer's tasks are dealing with the holes already mentioned, no matter how, but that is what we have to do. Stop constructing OS and language bunkers. We do not need turtles or armadillos.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
