|
Posted by Santosh Jambhlikar on 08/26/05 08:37
As this is the php mailing list it is obvious that i should not write
against php. but people should know the truth. And it's a news (not by
me) that's why i wanted to send link to u peoples.
I am sorry if i did something wrong, i am new user in php mailing list.
Jasper Bryant-Greene wrote:
> Santosh Jambhlikar wrote:
>
>> also
>>
>> PHP HIT BY ANOTHER CRITICAL FLAW
>>
>> A new security flaw in the PHP Web service protocol used by a large
>> number of Web applications could allow attackers to take control of
>> vulnerable servers.
>> http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html
>
>
>
> You are spreading FUD about PHP. Stop it. If you actually *read* the
> article carefully you will find that not only is this not a PHP bug,
> but a bug with two XMLRPC libraries written *for* PHP. Not PHP itself.
> This is completely irrelevant to the original topic, as I didn't see
> the OP asking for XMLRPC security advice.
>
> While you're at it, why not publish an article "PHP HIT BY ANOTHER
> CRITICAL FLAW" with the text "A new security flaw in my website, which
> is developed using PHP, surfaced today..."
>
> Jasper
>
[Back to original message]
|