[Info-vax] OS implementation languages

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Sep 11 09:09:36 EDT 2023


On 2023-09-11, bill <bill.gunshannon at gmail.com> wrote:
> On 9/11/2023 8:42 AM, Simon Clubley wrote:
>> On 2023-09-09, bill <bill.gunshannon at gmail.com> wrote:
>>>
>>> Which means what in the concept of security?  It has nothing
>>> to do with the syntax or even the function of the programs
>>> written with it.  The problem resides in the PHP interpreter
>>> and the programmer has no control over it.  If certain features
>>> are turned on, PHP can be coerced to execute arbitrary commands
>>> on the machine running the web server that is supporting PHP.
>>>
>> 
>> If you can turn on those features, it means you can run PHP with
>> them turned off. It's no different from writing SQL code without
>> doing any sanitisation of input.
>
> Unless your boss says "I want them on."
>

Then you put it in writing why it is such a bad idea and get confirmation
to proceed also in writing. You also CC your coworkers and others so
that when it goes wrong, you can prove you are not to blame.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.


