[consulting] Hardened PHP?

Boris Mann boris at bryght.com
Mon Jan 15 04:29:12 UTC 2007


On 1/14/07, Evan Leibovitch <evan at telly.org> wrote:
> Hi all,
>
> After getting an earful from a programmer friend of how crappy and
> insecure PHP was for a basis of any serious application (Python fan,
> don't ya know), he said that the least I could do is to run my LAMP apps
> under hardened PHP (http://www.hardened-php.net/).

Badly written Python apps are as insecure as badly written PHP apps.
That being said, future versions of PHP are taking options away from
programmers and are making them jump through hoops to get the (for
example) unfiltered text that users enter.

> Are others here using Drupal running on PHP with the hardening patch and
> module? Does it break anything? Looking for info on this on d.o doesn't
> turn up much.

Don't know that anyone has tested much. I found a message about some
strange behaviour on some screens from July 2005
(http://lists.drupal.org/archives/development/2005-07/msg00005.html).
Would seem to indicate that Drupal would work.

-- 
Boris Mann
Vancouver 778-896-2747
San Francisco 415-367-3595
Skype borismann
http://www.bryght.com

