Fixing stupid PHP application design flaws
\ Martin Schulze (28 Apr 2005)
. \ Jeroen van Wolffelaar (28 Apr 2005)
. . \ Martin Schulze (30 Apr 2005)
. . \ Javier Fernández-Sanguino Peña (30 Apr 2005)
. \ Henrique de Moraes Holschuh (28 Apr 2005)
. . \ Florian Weimer (5 May 2005)
. . . \ Martin Schulze (5 May 2005)
. \ Hans Spaans (28 Apr 2005)
. . \ Jean Christophe André (28 Apr 2005)
. . \ Javier Fernández-Sanguino Peña (28 Apr 2005)
. . . \ Hans Spaans (29 Apr 2005)
. . \ Martin Schulze (30 Apr 2005)
. . . \ Jeroen van Wolffelaar (30 Apr 2005)
. . . . \ Martin Schulze (30 Apr 2005)
. . . . . \ Thijs Kinkhorst (2 May 2005)
. . . . . . \ Henrique de Moraes Holschuh (2 May 2005)
. \ Thomas Hochstein (30 Apr 2005)
. \ Olaf van der Spek (3 May 2005)
. . \ JM (4 May 2005)
Subject: Re: Fixing stupid PHP application design flaws
Group: Debian-security
From: Martin Schulze
Date: 5 May 2005

Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
>
> > I think not only we should do it, we should also make a big fuss
> > about it, so that some of the PHP people out there at least have a
> > chance to get the clue.
>
> Unlikely to work. Just look at how almost all PHP developers reject a
> proactive approach to SQL injection. 8-(

When upstream is security-ignorant, we need to educate our developers
to fix the applications before actually uploading, and fix them again
when a new upstream version is released, over and over again.

Regards,

Joey

--
If nothing changes, everything will remain the same. -- Barne's Law

Please always Cc to me when replying to me on the lists.
