PHP, Security, etc.

You are currently reading a thread in /g/ - Technology

Thread replies: 22
Thread images: 9
Hey, has anyone seen the recent influx of security changes being proposed to PHP?

Are any of them any good?

http://news.php.net/php.internals/90274

http://news.php.net/php.internals/90249

http://news.php.net/php.internals/90350

http://news.php.net/php.internals/90445

Or will PHP always be an insecure heap of shit?
>>
>le PHP is insecure may-may
>I'm too stupid to prevent XSS holes and SQL injections without the language making them basically impossible: the thread
>>
>>52342339
I didn't say anything about XSS or SQL Injections m8

dem unserialize() RCEs tho
>>
>>52342339
this
>>
>>52342339
>>52342354
>>
>>52342262
insecure by design
>>
>>52342262
All of those suggestions are pretty good, though they're not going to do anything to stop inexperienced developers from making bad decisions (which will never stop happening regardless of what changes get made to PHP). I do like that the changes may break backwards compatibility with weak security, which would force project owners to update (inb4 "we're sticking with PHP 5.x!")
>>
>>52342441
Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day. Then they deserve to burn.
>>
>>52342467
>Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day.

>Until

Isn't it ridiculously easy to upload a shell to these meme websites? Seems like PHP is too shit to be used.
>>
>>52342467
Agreed.
>>
>>52342476
Upload? Maybe.

Execute? Idk
>>
>>52342476
Is it? The fact that you haven't done it tells me it probably isn't that "ridiculously easy".
>>
>>52342525
I don't really know, I just watched some YouTube videos and security researchers were saying skids use PHP for their C&C and a huge majority of them are exploitable. (And they showed how it's done.)
>>
>>52342262
Three out of those four are from the same nobody trying to make a name for himself with this: https://wiki.php.net/rfc/php71-crypto

I don't know what libsodium is but I'm sure it's an NSA ruse

>inb4 some securitard calls me a fag
>>
>>52342476
Please elaborate on what these "meme websites" are, friend
>>
>>52342543

> doesn't know who Daniel J. Bernstein is

> doesn't know who Frank Denis is

> thinks libsodium is NSA

GTFO
>>
>>52342546
I second this query.
>>
>>52342543
You're right. I didn't even notice the names were the same!

So it's just some unimportant aspie then?
>>
>>52342546
>>52342579
You can literally google dork for them
>>
>>52342955
>>
>>52342339
This
>>
>>52342339
A language should at least not encourage them.
But if you don't use PHP without a templating language nowadays, you're doing it wrong anyway.
Thread DB ID: 423122



This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.