Read more of this story at Slashdot.
Feeds
105363 items (97572 unread) in 19 feeds
Friends
(1021 unread)
-
2 Star
(84 unread)
-
John Carrino
(12 unread)
-
Comments for Josh the Outspoken
(296 unread)
-
Josh (34 unread)
-
Planet Matt
(595 unread)
Build
(68091 unread)
-
MAKE Magazine
(20292 unread)
-
Instructables.com
(35006 unread)
-
Hack A Day
(5017 unread)
-
Toolmonger
(7776 unread)
Heads
(716 unread)
-
Exploration Through Example
-
Paul Graham: Unofficial RSS Feed (113 unread)
-
Stevey's Blog Rants
(34 unread)
-
Joel on Software (207 unread)
-
Gibson Blog
(239 unread)
-
Adventures in Bloggery (123 unread)
News
(27537 unread)
-
Slashdot (25203 unread)
-
Economist.com Global Agenda (1412 unread)
-
Ruby Inside
(922 unread)
fun
(207 unread)
-
Templar, Arizona
(207 unread)
Slashdot
-
'Month of PHP Security' Finds 60 Bugs
Posted: June 4th, 2010, 10:30am MDT by kdawson
darthcamaro writes "More than 60 bugs were reported in PHP over the last 30 days by the Month of PHP Security project. Most of the flaws, however, are ones that developers themselves can protect against with proper coding practices, according to Andi Gutmans, CEO of commercial PHP vendor Zend. He argues that PHP security is a matter of setting expectations. In his view, PHP — like all development languages — is only as secure as the code developers write with it. 'People should not expect PHP to be able to enforce security boundaries on a developer [who] has permissions to run custom PHP code,' Gutmans said. 'It's an inherently flawed scenario — and it's the wrong layer to protect in. People must rely on properly configured OS-level permissions for securing against untrusted developers.' Gutmans also praised the MOPS effort for elevating the profile of PHP security throughout the community, and for responsibly alerting the PHP project first with the bugs they found."