 |
 |
 |
 |
|
|
Date: 11/15/00
- Next message: Rasmus Lerdorf: "Re: [PHP-DEV] CVS Account Request"
- Previous message: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Next in thread: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 00:37 16/11/2000, Rasmus Lerdorf wrote:
> > Do you guys remember the people who hacked apache.org? They did it just to
> > show how easy it is, and if they weren't 'white hats', they could have
> > easily injected bogus code into the most popular Web server in the
> > world. PHP is the most popular opensource Web language in the world, and
> > we shouldn't make it easier for hackers to get in.
>
>That was a completely separate situation. And nothing that has been
>mentioned here would do anything to prevent such an attack on PHP.
I didn't say it was. It was an example showing that the motivation is
*THERE*. If you needed a clear proof, it's that.
Other than that, there are no similarities. People can inject security
bugs in the PHP CVS in much, much easier ways than the guys who hacked
apache.org. The way things are right now, we'll practically give them this
access on a silver platter.
Zeev
-- Zeev Suraski <zeev <email protected>> CTO, Zend Technologies Ltd. http://www.zend.com/-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Rasmus Lerdorf: "Re: [PHP-DEV] CVS Account Request"
- Previous message: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Next in thread: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]