|
Thursday, September 15. 2005PHP Security Slides Online
Slides for the PHP Security talk at PHP|Works are now up. You can download them in either PowerPoint or PDF form.
More to come shortly 
Comments
Display comments as
(Linear | Threaded)
Might have been useful to mention magic_quotes_sybase in your discussion of magic quotes. Also, your alternative register_globals exploit example doesn't mention the more insidious possibilities of http://www.colder.ch/news/09-09-2005/4/another-example-showing-t.html
It certainly would be nice if setting array offsets in an uninitialized variable was E_NOTICE. Neatly provides the tools to detect both of the alternate formulations of the register_globals issue. (Previously brought up on internals by the author of that article: http://news.php.net/php.internals/18666 )
There are many ways to exploit register globals, a whole talk can be made on it. But there is relatively time frame, so only somethings can be covered.
That said, you are correct there are additional register_globals exploits aside from the ones shown here. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||
I will keep a track of the excellent slides that many PHP gurus use in conferences. Happily for us, they decided to share. Ilia Alshanetsky - PHP|Works Performance Talk Slides (2005) Ilia Alshanetsky PHP - Security talk at PHP|Works (2005)
Tracked: Sep 16, 03:33
Slides for the PHP Security talk at PHP|Works are now up. You can download them in either PowerPoint or PDF form. Its time to rock!! ...
Tracked: Sep 18, 04:11
On this second day of the conference I attended the following sessions: Upgrade Your Development to Web 2.0, presented by Amy Hoy | slides here Managing PHP Performance, presented by Ilia Alshanetsky | slides here Rich User Interfaces ...
Tracked: Oct 03, 20:14