[Info-vax] OS implementation languages

bill bill.gunshannon at gmail.com
Mon Sep 11 08:52:32 EDT 2023


On 9/11/2023 8:42 AM, Simon Clubley wrote:
> On 2023-09-09, bill <bill.gunshannon at gmail.com> wrote:
>>
>> Which means what in the concept of security?  It has nothing
>> to do with the syntax or even the function of the programs
>> written with it.  The problem resides in the PHP interpreter
>> and the programmer has no control over it.  If certain features
>> are turned on, PHP can be coerced to execute arbitrary commands
>> on the machine running the web server that is supporting PHP.
>>
> 
> If you can turn on those features, it means you can run PHP with
> them turned off. It's no different from writing SQL code without
> doing any sanitisation of input.

Unless your boss says "I want them on."

> 
>> Unless someone actually fixed this.  I have been out of that game
>> for almost 10 years now.  But I would still never trust PHP.
>>
> 
> And that would be a very wise move, given the nature of PHP.
> 
> However, it doesn't mean there's something at the core of PHP that's
> always turned on that can't be worked around by someone who knows
> what they are doing.

Unless your boss says "I want them on."

bill



