[CS-FSLUG] Afterthought (was PHP vulnerabilities?)
Ed Hurst
ehurst at asisaid.com
Fri Jun 2 09:48:31 CDT 2006

Tim Young wrote:
> No matter how well you lock down the server itself, if the code you run
> on the server is poorly written, it can still be compromised. :)

My current reading indicates there's a lot of this stuff going around,
not just on PHP sites. There's a claim of an IIS vulnerability for ASP:
http://blogs.zdnet.com/Ou/index.php?p=239

I suppose it's rather obvious: the more complicated your site
presentation is, the more likely holes can be found and exploited.

So the guy I read who writes on matters of national security, I note,
uses what amounts to static content display. His articles are added on
top like a blog, but it's not served from a database. When the current
page gets too long, he just archives the content portion, then replaces
it in the display with a new content section. A lot of manual work, but
much more secure, I'd say. Sure does load fast.

--
Ed Hurst
----------
Bible Application - http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help - http://ed.asisaid.com/
Mission, Method & Means - http://ed.asisaid.com/blog/