PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

File Version Management in PHP
Preventing SQL Injection, Part 3
In Case You Missed It...
Installing Apache and PHP under Win32
PHP Web Blog - Part 1

RE: [PHP-DEV] CVS Account Request From: Zeev Suraski (zeev <email protected>)
Date: 11/15/00

Next message: Rasmus Lerdorf: "Re: [PHP-DEV] CVS Account Request"
Previous message: Sterling Hughes: "Re: [PHP-DEV] CVS Account Request"
In reply to: Mike Robinson: "RE: [PHP-DEV] CVS Account Request"
Next in thread: Rasmus Lerdorf: "RE: [PHP-DEV] CVS Account Request"
Reply: Rasmus Lerdorf: "RE: [PHP-DEV] CVS Account Request"
Reply: John Donagher: "RE: [PHP-DEV] CVS Account Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 23:17 15/11/2000, Mike Robinson wrote:
>Rasmus wrote:
>
> > We have yet to have a problem and it feels to me like you
> > are trying to fix something that isn't broken.
>
>IMHO, bingo.

I was actually meaning to try and test this system, by applying from a fake
Email, obtaining access, and injecting a security hole into the source
tree, just to show how easy it is. I finally decided against it, mainly
due to lack of time.

Do you guys remember the people who hacked apache.org? They did it just to
show how easy it is, and if they weren't 'white hats', they could have
easily injected bogus code into the most popular Web server in the
world. PHP is the most popular opensource Web language in the world, and
we shouldn't make it easier for hackers to get in.

In my opinion, waiting for such a thing to happen instead of fixing it
beforehand is, well, not-smart.

CVS ACL's may be the best solution, I'm not too familiar with what you can
and cannot do with them yet.

Zeev

--
Zeev Suraski   <zeev <email protected>>
CTO, Zend Technologies Ltd.  http://www.zend.com/
-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Rasmus Lerdorf: "Re: [PHP-DEV] CVS Account Request"
Previous message: Sterling Hughes: "Re: [PHP-DEV] CVS Account Request"
In reply to: Mike Robinson: "RE: [PHP-DEV] CVS Account Request"
Next in thread: Rasmus Lerdorf: "RE: [PHP-DEV] CVS Account Request"
Reply: Rasmus Lerdorf: "RE: [PHP-DEV] CVS Account Request"
Reply: John Donagher: "RE: [PHP-DEV] CVS Account Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]