[Ilugc] web frontend for LDAP
apsivam at gmail.com
Sat Nov 25 16:06:22 IST 2006
On 11/25/06, Binand Sethumadhavan <binand at gmail.com> wrote:
> On 25/11/06, Sivanandhan, P. <apsivam at gmail.com> wrote:
> > Come on Binand I expect more from you not just a vulnerability list.
> > Linux kernel has bugs Mozilla Firefox has bugs Perl has, Java has...
> > The link you provided *mostly* lists vulnerabilities of web
> > application developed using PHP. Technically they belongs to those web
> > application not PHP.
> I did mention the link was a starting point. For comparison, PHP has
> 1943 matches, Perl has 101, Python 18 and Ruby 10.
> Why is it that the vast majority of PHP applications have
> vulnerabilities? For example, scan the PHP list - see how many "remote
> file inclusion" vulnerabilities are there? Can you find any in Perl
> programs? The reason for this is the vastly overdesigned PHP fopen()
> function/allow_url_fopen. Or the myriad of problems associated with
> register_globals. I can go on about this.
They are all depends on how you develop your web application. Most
modern PHP web applications are designed to work with register_globals
off Joomla warns the user if he have register_globals on now. I won't
claim all PHP web applications are safe and secure but they are
evolving like any other language or software. Numbers cannot always
tell the truth the keywork Linux fetches 759 vulnerability and Windows
fetch 781 so is Linux as vulnerable as Windows, as the difference is
Sivanandhan, P. (a.k.a. apsivam)
More information about the ilugc