43 Percent of Vulnerabilities in 2006 Were php
2007-01-21
Posted by: badanov

Via The Register comes the incredible news that 43 percent of all vulnerabilities reported in 2006 were connected to the web programming language php.

php is a web-based programming language that embeds perl-looking code in web pages so that dynamic web content can be served.

php's advantage over such languages as Java and perl is its simplicity. A user with a small grounding in programming can code in php. php is a mature, albeit not advanced, language, having been in existence since the mid-1990s and accounting for, according to the linked article, 1.3 million websites worldwide.

php has an incredible number of both integral and add-on modules for interacting with third-party software such as databases, with straightforward instructions and caveats allowing relatively new web programmers to hammer out a dynamic web site in very little time.

This blog in its entirety is coded in perl, not php, primarily because of its relatively secure nature. Without really understanding why php accounts for so many problems, we suspect that scope, where a script restricts variables to only the local environment, is a likely culprit. Scope is critical in perl. We must identify everything as local in nature, or some attackers can overtake a script and run it for their own purposes. A little error in the script, and voila, they own your server.

The article goes on to describe that 23 percent of vulnerabilities reported in 2006 were database attacks, where an attacker can inject sql code into a web form or a url, or crash the database server long enough to gain access.

This is an odious form of attack, and so much of a concern for us that we were forced to change the database address to bolster its local security. Security, together with licensing problems, is the primary reason we prefer PostgreSQL, the database backend which serves this site, over MySQL.
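The injection the article describes, as an added example that is not part of the original post: a login query built by pasting web-form fields into the SQL text, beside the same query using driver placeholders. Python with an in-memory sqlite3 table stands in for the site's database; the table, users and hostile input are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for the site's real database backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    # Form fields are spliced straight into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    # Placeholders hand the values to the driver separately from the SQL,
    # so the same input is compared as a literal password and matches nothing.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def demo():
    conn = make_db()
    # Constructed form input: closes the password literal and appends a tautology.
    hostile = "' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(conn, "alice", hostile),
        "parameterized": login_parameterized(conn, "alice", hostile),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns every user because the WHERE clause becomes `(name = 'alice' AND password = '') OR '1'='1'`; the parameterized variant returns none.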

If this story sounds like a public relations ad, congratulations, you are correct.

So, secure those php applications, and remember the top three computer security measures: backups, physical security and backups.

If you have something to add, Fire Away!
