[PHP-DOC] Re: [PHP-DEV] Quick Code Audit
From: Ron Chmara (ron <email protected>)
Date: 09/06/00

(Note: cc's to php-doc & php-notes)

lists <email protected> wrote:
> dear dev list,
>
> this message is not meant as an insult to the quality of code that has
> been written so far for the project, or to the people writing it - so
> please don't take it as one.
>
> there have been 2 security issues that some might consider as
> "major" appear within the space of the last week (safemode and forms).
>
> it is obvious that third parties are at the moment auditing the codebase
> for their own agendas (ie. sex-symbol status on bugtraq) and that this
> will continue and could possibly damage the reputation of the php project
> (even if it is in a small way).
>
> i think it might be a good idea at this time for everyone who actively
> develops the PHP language (whether you hack on zend or own a small
> module/extension) to work through any outstanding security related issues
> as soon as possible. if you're not sure how to fix it, i'm sure other
> developers will be all too willing to help you out.
>
> if anyone thinks i am outta line here, speak now etc, etc 8^)
>
> thanks for listening,
>
> - avi

Something I wanted to add: It's possible (and likely) that some issues
will be the result of undocumented "features", or documented features
being used in unusual ways. If you see a note, a doc suggestion, that
highlights a bug or feature that can be used to compromise a system,
let's get it in there, and *fast*.

<peptalk>
We all know PHP is powerful enough that you can put an entire hard
drive out of commission in seconds. Let's help our users to *not*
destroy their systems unintentionally, or suffer a malicious attack
on their code that they hadn't considered.
</peptalk>

-Bop

--
Brought to you from iBop the iMac, a MacOS, Win95, Win98, LinuxPPC machine,
which is currently in MacOS land.  Your bopping may vary.