From: "Jerry Bell"
To: "Sean Countryman"
Cc: freebsd-security@freebsd.org
Date: Wed, 29 Dec 2004 09:30:34 -0500 (EST)
Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10

At the end of the day, PHP isn't really the problem. The problem is that people are not taking the time to learn how to code securely given the tool they are using.
I do think that PHP has had the effect of lowering the bar on what it takes to be a "web programmer", though.

Jerry
http://www.syslog.org

> You could also ask the wind to stop blowing...
>
> Like it or not, PHP is clearly a dominant language and is probably here
> to stay for some time. It's definitely better than some other
> alternatives (but I'll refrain from flames).
>
> Dag-Erling Smørgrav wrote:
>
>>Julian Elischer writes:
>>
>>>might be a good idea if we "urged" users to update their phpbb a bit
>>>more vocally.
>>
>>...or we could urge them to stop using PHP at all.
>>
>>DES