FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » General » PHP discussions » Security Holes In PHP
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Security Holes In PHP [message #782] Wed, 27 February 2002 16:19 Go to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
I have been made aware of several nasty security exploits in PHP, when submitting data via multipart/form-data POST.
More details can be found at:
http://security.e-matters.de/advisories/012002.html

The listed venerabilities seem to affect versions 4.0.3-4.1.1 when uploading files.

There has been a new version of PHP release that fixes those security holes, PHP version 4.1.2. So, if you are using file uploads in the forum or else where in your PHP program I strongly encourage you to upgrade to latest version.


FUDforum Core Developer
Re: Security Holes In PHP [message #792 is a reply to message #782] Wed, 27 February 2002 19:06 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
If for some reason you are adding additional modules like APC remember PHP developers CANNOT FOR THEIR LIFE WRITE PROPER AUTOCONF scripts. So, you'll get lots & lots of warning and even claims of bugs inside autoconf. However, if you upgrade to the latest version of autoconf, it will completely and utterly break php's configure script...
Autoconf 2.13 works just fine, so use it and ignore the errors & warnings.
[/rant off]

Something to think about...


FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Question?
Next Topic: PHP 4.2.0 came out
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 19:42:14 GMT 2024

Total time taken to generate the page: 0.05578 seconds