The hardened version of PHP does not protect from the most common<br>problems: SQL injection, Cross Site Scripting (XSS) and arbitrary code <br>execution.<br><br>These problems are present in other languages too, and are not specific
<br>to PHP, but because it is the most used language on the web, there are<br>lots of programmers that write apps that are prone to these attacks.<br><br><div><span class="gmail_quote">On 1/14/07, <b class="gmail_sendername">
Evan Leibovitch</b> <<a href="mailto:evan@telly.org">evan@telly.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br><br>After getting an earful from a programmer friend of how crappy and<br>insecure PHP was for a basis of any serious application (Python fan,<br>don't ya know), he said that the least I could do is to run my LAMP apps
<br>under hardened PHP (<a href="http://www.hardened-php.net/">http://www.hardened-php.net/</a>).<br><br>Are others here using Drupal running on PHP with the hardening patch and<br>module? Does it break anything? Looking for info on this on
d.o doesn't<br>turn up much.<br><br>Thanks!<br><br>- Evan<br><br>_______________________________________________<br>consulting mailing list<br><a href="mailto:consulting@drupal.org">consulting@drupal.org</a><br><a href="http://lists.drupal.org/mailman/listinfo/consulting">
http://lists.drupal.org/mailman/listinfo/consulting</a><br></blockquote></div><br>