[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y ] [Home]
4chanarchives logo
PHP, Security, etc.
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.

You are currently reading a thread in /g/ - Technology
Thread replies: 22
Thread images: 9
Anonymous
PHP, Security, etc. 2016-01-10 08:32:08 Post No. 52342262
[Report] Image search: [Google]
File: php_security.png (110 KB, 750x400) Image search: [Google]
php_security.png
110 KB, 750x400
PHP, Security, etc. Anonymous 2016-01-10 08:32:08 Post No. 52342262 [Report]
Hey, anyone saw the recent influx of security changes being proposed to PHP?

Are any of them any good?

http://news.php.net/php.internals/90274

http://news.php.net/php.internals/90249

http://news.php.net/php.internals/90350

http://news.php.net/php.internals/90445

Or will PHP always be an insecure heap of shit?
>>
Anonymous 2016-01-10 08:39:15 Post No.52342339
[Report]
Anonymous 2016-01-10 08:39:15 Post No.52342339 [Report]
>le PHP is insecure may-may
>I'm too stupid to prevent XSS holes and SQL injections without the language making them basically impossible: the thread
>>
Anonymous 2016-01-10 08:40:28 Post No.52342353
[Report] Image search: [Google]
Anonymous 2016-01-10 08:40:28 Post No.52342353 [Report]
File: base64_no.png (133 KB, 560x504) Image search: [Google]
base64_no.png
133 KB, 560x504
>>52342339
I didn't say anything about XSS or SQL Injections m8

dem unserialize() RCEs tho
>>
Anonymous 2016-01-10 08:40:39 Post No.52342354
[Report]
Anonymous 2016-01-10 08:40:39 Post No.52342354 [Report]
>>52342339
this
>>
Anonymous 2016-01-10 08:42:30 Post No.52342376
[Report] Image search: [Google]
Anonymous 2016-01-10 08:42:30 Post No.52342376 [Report]
File: 1439119464435.jpg (49 KB, 550x600) Image search: [Google]
1439119464435.jpg
49 KB, 550x600
>>52342339
>>52342354
>>
Anonymous 2016-01-10 08:47:58 Post No.52342433
[Report]
Anonymous 2016-01-10 08:47:58 Post No.52342433 [Report]
>>52342262
insecure by design
>>
Anonymous 2016-01-10 08:48:39 Post No.52342441
[Report]
Anonymous 2016-01-10 08:48:39 Post No.52342441 [Report]
>>52342262
All of those suggestions are pretty good, though they're not going to do anything to stop inexperienced developers from making bad decisions (which will never stop happening regardless of what changes get made to PHP). I do like that the changes may break backwards compatibility with weak security, which would force project owners to update (inb4 "we're sticking with PHP 5.x!")
>>
Anonymous 2016-01-10 08:50:58 Post No.52342467
[Report] Image search: [Google]
Anonymous 2016-01-10 08:50:58 Post No.52342467 [Report]
File: 1384821039705.jpg (232 KB, 750x1000) Image search: [Google]
1384821039705.jpg
232 KB, 750x1000
>>52342441
Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day. Then they deserve to burn.
>>
Anonymous 2016-01-10 08:52:06 Post No.52342476
[Report]
Anonymous 2016-01-10 08:52:06 Post No.52342476 [Report]
>>52342467
>Those people deserve to sit on a rotting corpse of legacy software until someone finds a remotely exploitable 0day.

>Until

Isn't it ridiculously easy to upload a shell to these meme websites? Seems like PHP is too shit to be used.
>>
Anonymous 2016-01-10 08:52:12 Post No.52342478
[Report]
Anonymous 2016-01-10 08:52:12 Post No.52342478 [Report]
>>52342467
Agreed.
>>
Anonymous 2016-01-10 08:53:12 Post No.52342487
[Report] Image search: [Google]
Anonymous 2016-01-10 08:53:12 Post No.52342487 [Report]
File: 200_s.gif (63 KB, 437x200) Image search: [Google]
200_s.gif
63 KB, 437x200
>>52342476
Upload? Maybe.

Execute? Idk
>>
Anonymous 2016-01-10 08:56:56 Post No.52342525
[Report]
Anonymous 2016-01-10 08:56:56 Post No.52342525 [Report]
>>52342476
Is it? The fact that you haven't done it tells me it probably isn't that "ridiculously easy".
>>
Anonymous 2016-01-10 08:58:04 Post No.52342539
[Report]
Anonymous 2016-01-10 08:58:04 Post No.52342539 [Report]
>>52342525
I don't really know I just watched some youtube videos and security researchers were saying skids use PHP for their c&c and a huge majority of them are exploitable. (and they showed how it's done)
>>
Anonymous 2016-01-10 08:58:24 Post No.52342543
[Report]
Anonymous 2016-01-10 08:58:24 Post No.52342543 [Report]
>>52342262
Three out of those four are from the same nobody trying to make a name for himself with this: https://wiki.php.net/rfc/php71-crypto

I don't know what libsodium is but I'm sure it's an NSA ruse

>inb4 some securitard calls me a fag
>>
Anonymous 2016-01-10 08:58:46 Post No.52342546
[Report] Image search: [Google]
Anonymous 2016-01-10 08:58:46 Post No.52342546 [Report]
File: 1398574226455.gif (2 MB, 325x213) Image search: [Google]
1398574226455.gif
2 MB, 325x213
>>52342476
Please elaborate on what these "meme websites" are, friend
>>
Some Securitard 2016-01-10 08:59:46 Post No.52342555
[Report] Image search: [Google]
Some Securitard 2016-01-10 08:59:46 Post No.52342555 [Report]
File: 069.jpg (9 KB, 217x232) Image search: [Google]
069.jpg
9 KB, 217x232
>>52342543

> doesn't know who Daniel J. Bernstein is

> doesn't know who Frank Denis is

> thinks libsodium is NSA

GTFO
>>
Anonymous 2016-01-10 09:02:47 Post No.52342579
[Report] Image search: [Google]
Anonymous 2016-01-10 09:02:47 Post No.52342579 [Report]
File: goatsebuntu.png (14 KB, 297x253) Image search: [Google]
goatsebuntu.png
14 KB, 297x253
>>52342546
I second this query.
>>
Anonymous 2016-01-10 09:04:35 Post No.52342602
[Report]
Anonymous 2016-01-10 09:04:35 Post No.52342602 [Report]
>>52342543
You're right. I didn't even notice the names were the same!

So it's just some unimportant aspie then?
>>
Anonymous 2016-01-10 09:38:41 Post No.52342955
[Report]
Anonymous 2016-01-10 09:38:41 Post No.52342955 [Report]
>>52342546
>>52342579
You can literally google dork for them
>>
Anonymous 2016-01-10 09:39:38 Post No.52342968
[Report] Image search: [Google]
Anonymous 2016-01-10 09:39:38 Post No.52342968 [Report]
File: 1362095890981.gif (499 KB, 245x176) Image search: [Google]
1362095890981.gif
499 KB, 245x176
>>52342955
>>
Anonymous 2016-01-10 10:21:23 Post No.52343379
[Report]
Anonymous 2016-01-10 10:21:23 Post No.52343379 [Report]
>>52342339
This
>>
Anonymous 2016-01-10 10:26:27 Post No.52343427
[Report]
Anonymous 2016-01-10 10:26:27 Post No.52343427 [Report]
>>52342339
A language should at least not encourage them.
But if you don't use PHP without a templating language nowadays, you're doing it wrong anyway.
Thread replies: 22
Thread images: 9
banner
banner
[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y] [Home]
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
If a post contains personal/copyrighted/illegal content you can contact me at [email protected] with that post and thread number and it will be removed as soon as possible.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com, send takedown notices to them.
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.