Rasmus Lerdorf on PHP and Internet security (one of the sessions I attended at OSCMS).
(For what it’s worth – if you have any issue or disagreement with my barely technical descriptions below, please take it up “in original” – i.e. with Rasmus, and not me. PHP security auditing is not my job, and I’m just giving a basic report back).
For example, a (trap) page could load in invisible
Someone asked him if he ever developed a tool to scan pages for the types of holes in poorly formatted PHP that he was talking about. He admitted he had, but he did not make the tool available, because he would discover too many large corporate sites (including banks) that had vulnerabilities. In his words, “I didn’t want to be the guy that released the tool that broke the web.”
(If anyone finds a link to his presentation – did he even have any slides? – lemme know.)
Technorati Tags: drupal, php, security