|
|
Posted by Miles Thompson on 08/26/05 16:07
At 02:37 AM 8/26/2005, Santosh Jambhlikar wrote:
>As this is the php mailing list it is obvious that i should not write
>against php. but people should know the truth. And it's a news (not by me)
>that's why i wanted to send link to u peoples.
>I am sorry if i did something wrong, i am new user in php mailing list.
>
>
>Jasper Bryant-Greene wrote:
>
>>Santosh Jambhlikar wrote:
>>
>>>also
>>>
>>>PHP HIT BY ANOTHER CRITICAL FLAW
>>>
>>>A new security flaw in the PHP Web service protocol used by a large
>>>number of Web applications could allow attackers to take control of
>>>vulnerable servers.
>>>http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html
>>>
>>
>>
>>
>>You are spreading FUD about PHP. Stop it. If you actually *read* the
>>article carefully you will find that not only is this not a PHP bug, but
>>a bug with two XMLRPC libraries written *for* PHP. Not PHP itself. This
>>is completely irrelevant to the original topic, as I didn't see the OP
>>asking for XMLRPC security advice.
>>
>>While you're at it, why not publish an article "PHP HIT BY ANOTHER
>>CRITICAL FLAW" with the text "A new security flaw in my website, which is
>>developed using PHP, surfaced today..."
>>
>>Jasper
Santosh,
It's a good article, lousy and inaccurate headline, with an unfortunate
mistake in describing a language as a protocol. Furthermore, if you look
towards the bottom of the page, beneath the security blog and the links
following, you will see that it was reprinted from TechWorld. So, alarmist
filler with no fact-checking.
Nevertheless, there's a useful link to the probable source of the article
at hardened-php; something many newspapers do not want to bother with.
So, for everyone unhappy about the headline and the "protocol" error",
mailto:php-general@lists.php.net?SUBJECT=PHP%20Hit%20by%20another%20critical%20security%20flaw%20(104214)
Or click on the feedback button to the right of the headline.
And as for someone else's comment that it's OK to write against PHP, as
long as it's factual. Right on!!
Miles
Navigation:
[Reply to this message]
|