Date: 10/20/00
- Next message: jerome.ponsin <email protected>: "[PHP-DEV] PHP 4.0 Bug #7366: libphp4.so can't find libclntsh.so.8.0 (oracle oci8)"
- Previous message: alex-spam <email protected>: "[PHP-DEV] PHP 4.0 Bug #7365: php_value error_reporting doesn't work for me"
- In reply to: Kristian Köhntopp: "Re: [PHP-DEV] why the damn phpinfo() is so talkative? + answers"
- Next in thread: Jason Greene: "Re: [PHP-DEV] why the damn phpinfo() is so talkative? + answers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
safe_mode needs a revision anyway and I don't like advertising it as being
bullet proof. I actually started to centralize stuff with the changes I did
a while back in fopen-wrappers but there is still quite a lot of work to be
done.

I agree that we should have such a safe programming chapter. You mention a
lot of valid points. However, it isn't an all or nothing situation. We can
start by writing about the env -i suggestion and extend the chapter more
and more, including things like register_globals=off and so on.

Anyway, I'm gone for a short weekend now.

See ya,
Andi

At 12:51 PM 10/20/00 +0200, Kristian Köhntopp wrote:
>Andi Gutmans wrote:
> > I think it should be done on the user level like you
> > pointed out below. We could put such a suggestion in
> > the manual (to run with env -i).
>
>This is by far not enough. If you are going to
>put a chapter on safe deployment policies into
>the manual, you need to differentiate along
>Windows and Unix systems, and along CGI and
>module versions of PHP. You'd want to talk about
>properties and limitations of safe_mode, about
>Unix process limits such as setrlimit and chroot,
>about typical additional safeguards for system
>security such as "env -i", "suexec replaced by
>sbox, using chroot", about the need to differentiate
>anonymous root (http docroot) vs. authenticated root
>(ftp chroot, being one level ABOVE docroot in order
>to make directories without unauthenticated access
>available) and the need to store logfiles and
>configuration files outside of docroot.
>
>Also, there should be talk about secure PHP programming,
>touching not only system level security as above,
>but also application level security. The section should
>be talking about control flow analysis, tainted variables,
>input validation with regexp and other stuff, avoiding
>register_globals = On in order to facilitate that, writing
>programs in PHP normal form, event driven programming
>and validation methods and finally designing secure and
>ergonomic URLs for your application access...
>
>You could, on the other hand, just buy the book by Till
>and Tobias, which already covers most of this.
>
>Kristian
>
>
>--
>Kristian Köhntopp, NetUSE AG Siemenswall, D-24107 Kiel
>Tel: +49 431 386 436 00, Fax: +49 431 386 435 99
>Using PHP3? See our web development library at http://phplib.netuse.de/
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
>For additional commands, e-mail: php-dev-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected>
---
Andi Gutmans <andi <email protected>> http://www.zend.com/

