onPHP5.com

PHP5 More Secure than PHP4

• PHP5 core does not have some of the weaknesses of the PHP4, like 16-bit reference counters that can easily overflow


• more people use PHP's Object-Oriented features, and fewer global variables are used, thus protecting from register_globals vulnerabilities


• PHP5 comes with better hashing functions by default


• however, some of the old PHP code is now vulnerable, because some things have changed. For example the magic_quotes_gpc feature no longer includes the _SERVER/_ENV variables, and old code that relied on that functionality, is now insecure



Stefan concluded, that PHP5 is more secure, however, some internal workings have changed in such a way that old code may experience negative side-effect.

Stefan Esser is the founder of the Hardened-PHP Project and the PHP Security Response Team. He discovered many vulnerabilities in the PHP core as well as other popular software over recent years.

For full interview please click here.

Related articles

Advocating Namespaces
Exceptions in __autoload()
i18n with PHP5: Pitfalls
SimpleXML, DOM and Encodings
Error On devzone.zend.com
Clickable, Obfuscated Email Addresses
PHP Version 5.2.4 (RC1) Released for Testing
PHP Version 5.2.4 Released
PHP Version 5.2.5 Released
PHP Version 5.2.3 Released
Learning PHP Data Objects
Most Important Feature of PHP 5?
Some SEO Tips You Would Not Like to Miss
Sorting Non-English Strings with MySQL and PHP (Part 1)
PHP Version 5.2.1 Released
PHP Version 5.2.2 (RC1) Released for Testing
PHP Version 5.2.2 Released


Post your comment

Your name:

Comment:

Protection code:
 


Note: Comments to this article are premoderated. They won't be immediately published.
Only comments that are related to this article will be published.