More tags »
Not logged in
PHP5 More Secure than PHP4
on Thursday, 08 February 2007, 14:51
Views: 9172, comments: 0
SecurityFocus has published interview with Stefan Esser, an independent security consultant and application developer, who founded the PHP Security Response Team.
The interview is about general security issues in PHP, however, it also touched the security of PHP5. The main points regarding PHP5 security are:
Note: Comments to this article are premoderated. They won't be immediately published.
- PHP5 core does not have some of the weaknesses of the PHP4, like 16-bit reference counters that can easily overflow
- more people use PHP's Object-Oriented features, and fewer global variables are used, thus protecting from register_globals vulnerabilities
- PHP5 comes with better hashing functions by default
- however, some of the old PHP code is now vulnerable, because some things have changed. For example the magic_quotes_gpc feature no longer includes the _SERVER/_ENV variables, and old code that relied on that functionality, is now insecure
Only comments that are related to this article will be published.