Newsgroups: php.internals
Xref: news.php.net php.internals:27420
Date: Sat, 13 Jan 2007 16:10:49 +0100
From: info@ch2o.info ("Mathieu CARBONNEAUX")
To: internals@lists.php.net
Subject: Re: [PHP-DEV] Comments on PHP security

> I don't think you've read the section on prepared statements in the
> PDO documentation, because it does mention it there, although it
> doesn't beat you over the head with the seriousness of the problem.
>
> http://us2.php.net/manual/en/ref.pdo.php#pdo.prepared-statements

Sorry for my buzz... This piece of the manual says the same as I've said...

But I repeat, I think a security portal (or a good dev practice portal) is a good friend of the manual and can be able to level up the security of PHP dev apps... But it is not the only solution...

And I think CERT must not alarm in the same statistic pool if they are application security bugs or PHP engine security bugs... because actually there is no possibility to filter on CERT (I've seen one...) on PHP engine only...

And it is the same with modules that use libs that have security bugs... And it is bad for the PHP image...

On this portal I think it would also be interesting to log PHP alerts in a more friendly way...

Regards,
Mathieu