FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » General » PHP discussions » Security Holes In PHP
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Security Holes In PHP [message #782] Wed, 27 February 2002 11:19 Go to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
I have been made aware of several nasty security exploits in PHP, when submitting data via multipart/form-data POST.
More details can be found at:
http://security.e-matters.de/advisories/012002.html

The listed venerabilities seem to affect versions 4.0.3-4.1.1 when uploading files.

There has been a new version of PHP release that fixes those security holes, PHP version 4.1.2. So, if you are using file uploads in the forum or else where in your PHP program I strongly encourage you to upgrade to latest version.


FUDforum Core Developer
Re: Security Holes In PHP [message #792 is a reply to message #782] Wed, 27 February 2002 14:06 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
If for some reason you are adding additional modules like APC remember PHP developers CANNOT FOR THEIR LIFE WRITE PROPER AUTOCONF scripts. So, you'll get lots & lots of warning and even claims of bugs inside autoconf. However, if you upgrade to the latest version of autoconf, it will completely and utterly break php's configure script...
Autoconf 2.13 works just fine, so use it and ignore the errors & warnings.
[/rant off]

Something to think about...


FUDforum Core Developer
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Question?
Next Topic: PHP 4.2.0 came out
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Oct 21 02:56:58 EDT 2017

Total time taken to generate the page: 0.00643 seconds