Follow Slashdot stories on Twitter


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

PHP Security Bug Programming

'Month of PHP Security' Finds 60 Bugs 120

Posted by kdawson
from the new-mops-sweep-clean dept.
darthcamaro writes "More than 60 bugs were reported in PHP over the last 30 days by the Month of PHP Security project. Most of the flaws, however, are ones that developers themselves can protect against with proper coding practices, according to Andi Gutmans, CEO of commercial PHP vendor Zend. He argues that PHP security is a matter of setting expectations. In his view, PHP — like all development languages — is only as secure as the code developers write with it. 'People should not expect PHP to be able to enforce security boundaries on a developer [who] has permissions to run custom PHP code,' Gutmans said. 'It's an inherently flawed scenario — and it's the wrong layer to protect in. People must rely on properly configured OS-level permissions for securing against untrusted developers.' Gutmans also praised the MOPS effort for elevating the profile of PHP security throughout the community, and for responsibly alerting the PHP project first with the bugs they found."
This discussion has been archived. No new comments can be posted.

'Month of PHP Security' Finds 60 Bugs

Comments Filter:

"Pay no attention to the man behind the curtain." -- The Wizard Of Oz