NYCPHP Meetup

NYPHP.org

[nycphp-talk] apocryphal safe mode bug and SANS' alert CAN-2003-0863

Tim Gales tgales at tgaconnect.com
Sat Nov 15 20:06:04 EST 2003


Chris Schiflett wrote:
> So, that line has not changed since Feb 2002. His email is 
> from Jul 2003. This leads me to believe that his argument is 
> completely invalid, even at the time that he wrote that email.
>

Firstly, thanks very much Chris for taking the time to read
and respond to my earlier post.

Your response is pretty compelling evidence that there is and was no bug
(and your response is much more concise and concrete than the argument I
had in mind)

The guy was clearly wrong but still SANS picked it up and published it as
a 
possible problem.

And the ISS page makes it look like there is a gaping security hole in
PHP.

Maybe NYPHP should have a section debunking some of the myths which get
propagated
about PHP.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

> 




More information about the talk mailing list