[Info-vax] OS implementation languages

bill bill.gunshannon at gmail.com
Mon Sep 11 09:21:58 EDT 2023


On 9/11/2023 9:09 AM, Simon Clubley wrote:
> On 2023-09-11, bill <bill.gunshannon at gmail.com> wrote:
>> On 9/11/2023 8:42 AM, Simon Clubley wrote:
>>> On 2023-09-09, bill <bill.gunshannon at gmail.com> wrote:
>>>>
>>>> Which means what in the concept of security?  It has nothing
>>>> to do with the syntax or even the function of the programs
>>>> written with it.  The problem resides in the PHP interpreter
>>>> and the programmer has no control over it.  If certain features
>>>> are turned on, PHP can be coerced to execute arbitrary commands
>>>> on the machine running the web server that is supporting PHP.
>>>>
>>>
>>> If you can turn on those features, it means you can run PHP with
>>> them turned off. It's no different from writing SQL code without
>>> doing any sanitisation of input.
>>
>> Unless your boss says "I want them on."
>>
> 
> Then you put it in writing why it is such a bad idea and get confirmation
> to proceed also in writing. You also CC your coworkers and others so
> that when it goes wrong, you can prove you are not to blame.
> 

Simon,
    You need to come live in the real world.  The boss doesn't need
to do anything you want him to do.  And bad-mouthing him to your
coworkers is very likely to just get you fired.

bill




