Newsgroups: php.internals
To: internals@lists.php.net, Nick Loeve
Message-ID: <4201E88E.4040306@php.net>
In-Reply-To: <42018B49.2030204@trickie.org>
Date: Thu, 03 Feb 2005 10:02:06 +0100
Subject: Re: [PHP-DEV] PHP 5.1
From: lsmith@php.net (Lukas Smith)

Nick Loeve wrote:
> Gareth Ardron wrote:
>
>> Rasmus Lerdorf wrote:
>>
>>> TCP/IP Firewalls break all sorts of applications as well until either
>>> the application is modified to poke a hole in the firewall itself via
>>> upnp, or you reconfigure the firewall. This makes firewalls
>>> annoying, but they are necessary. This is exactly the same thing.
>>> It is a data firewall for PHP. You don't have to use it, but people
>>> want it and need it.
>>
>> I would think the difficulty would be in informing people that
>> functionality like this is only the start of good security.
>>
>> Maybe a proper, official, howto on PHP security should be drawn up
>
> The phpsec group started a project to do just that: http://www.phpsec.org/

There are no silver bullets here. Also, homogeneous solutions are not what you want for security either. Basically, what we can do is make the big no-nos known and provide tools that as transparently as possible enhance security. If using filters requires people to jump through hoops, there is little gain, if any.

regards,
Lukas