Top Tags
ajax
article
codeigniter
conference
dom
namespace
news
onphp5
oop
php5
poll
prado
security
solar
sqlite
symfony
unicode
zend core
zend framework
zend platform
More tags »
Not logged in
Login |
Register
den_hotmail@fbzz
|
PHP5 More Secure than PHP4
By dennisp
on Thursday, 08 February 2007, 14:51
Published under:
php5
security
Views: 8557, comments: 0
SecurityFocus has published interview with Stefan Esser, an independent security consultant and application developer, who founded the PHP Security Response Team.
The interview is about general security issues in PHP, however, it also touched the security of PHP5. The main points regarding PHP5 security are:
- PHP5 core does not have some of the weaknesses of the PHP4, like 16-bit reference counters that can easily overflow
- more people use PHP's Object-Oriented features, and fewer global variables are used, thus protecting from register_globals vulnerabilities
- PHP5 comes with better hashing functions by default
- however, some of the old PHP code is now vulnerable, because some things have changed. For example the magic_quotes_gpc feature no longer includes the _SERVER/_ENV variables, and old code that relied on that functionality, is now insecure
Note: Comments to this article are premoderated. They won't be immediately published.
Only comments that are related to this article will be published.
|
