Hey, has anyone seen the recent influx of security changes being proposed to PHP?
Are any of them any good?
Or will PHP always be an insecure heap of shit?
I didn't say anything about XSS or SQL Injections m8
dem unserialize() RCEs tho
All of those suggestions are pretty good, though they're not going to do anything to stop inexperienced developers from making bad decisions (which will never stop happening regardless of what changes get made to PHP). I do like that the changes may break backwards compatibility with weak security, which would force project owners to update (inb4 "we're sticking with PHP 5.x!").
Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day. Then they deserve to burn.
>Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day.
Isn't it ridiculously easy to upload a shell to these meme websites? Seems like PHP is too shit to be used.
I don't really know, I just watched some YouTube videos and security researchers were saying skids use PHP for their C&C and a huge majority of them are exploitable. (And they showed how it's done.)
Three out of those four are from the same nobody trying to make a name for himself with this: https://wiki.php.net/rfc/php71-crypto
I don't know what libsodium is but I'm sure it's an NSA ruse
>inb4 some securitard calls me a fag
Please elaborate on what these "meme websites" are, friend
> doesn't know who Daniel J. Bernstein is
> doesn't know who Frank Denis is
> thinks libsodium is NSA