FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » PHP mysql_excape but need to search for those items
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: PHP mysql_excape but need to search for those items [message #178419 is a reply to message #178418] Sat, 16 June 2012 13:25 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/16/2012 2:33 AM, Arno Welzel wrote:
> Jerry Stuckle, 16.06.2012 03:07:
>
>> On 6/15/2012 4:36 PM, Arno Welzel wrote:
>>>
> [...]
>>> To read more about:<http://www.kb.cert.org/vuls/id/800113>
>>>
>>> Just because you can not imagine that his happens in reality does not
>>> mean that you can ignore the problem.
>>>
>>
>> Quite frankly, I don't believe everything I see on the web. Do you have
>> any proof this has actually occurred?
>
> A well documented security hole does not exist for you, as long as
> nothing worse happens to you?
>

Sure - but how "open" is this security hole? How easy is it to take
advantage of?

You can say the same thing about 256 bit encryption. It's not secure -
it can be hacked. However, it would take all the computers in the world
longer than the universe has existed to hack it.

Or every time I leave my house, there is the security risk that someone
will break in and take everything. So I guess I should never leave my
house.

The fact is, "security holes" exist all around us. Just because the
possibility exists does not mean it is a vulnerability to be concerned
about.

These holes require the hacker be able to execute a specific pattern of
steps, which can easily be detected and prevented, as the cert.org
article stated. This patter can easily be detected and prevented. And
all of these security holes have had patches available for 4 years. No,
I don't consider these security holes to be significant.

> ["Trustworthy" CAs]
>>> VeriSign is also on the list of the CAs which had at least one security
>>> problem:
>>>
>>> < http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z8 20120202>
> [...]
>>> < http://www.thetechherald.com/articles/DigiNotar-security-incident-goes-from -bad-to-worse>
> [...]
>> Again, I don't believe everything I see on the Internet. But I have
>> used both Thawte and Versign, and know what a company has to go through
>> to get a certificate.
>
> I know as well what it takes to get a SSL certificate signed by
> VeriSign. Not much... generally just money.
>
> On what base do you trust VeriSign or Thawte?
>

I trust them because I have several clients with their certificates.
And it takes a lot more than just money to get the first certificate.
Renewals aren't bad, because you already have proven who you are previously.

> [...]
>>> As i already said: Don't trust a CA, only trust (or don't trust) the
>>> certificate. If it changes your browser will immediately tell you - even
>>> if it was signed by a CA.
>>
>> So, what is your solution? Just telling someone not to trust a CA is
>> not a solution.
>
> That *is* the solution, if the CA is not trustworthy.
>
>

That is not a solution. But you don't have one. All you can do is piss
and moan.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Using count() as an array index
Next Topic: can't modify include path
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 16:28:18 GMT 2024

Total time taken to generate the page: 0.04411 seconds