LINUX.IE, website of the Irish Linux Users' Group

[ILUG] extra - PotD Wed, 25th June?


Ken Guest kguest at php.ie
Thu Jun 26 12:03:19 IST 2008


On Thu, Jun 26, 2008 at 9:56 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Ken Guest (ken at linux.ie):
>
>> So there are lots of things to say about it - namespaces and late
>> static binding in  php5.3, training people to write more secure code
>> (you can write insecure code in pretty much any language - it's all
>> about best practices) and why horrible settings/facilities such as
>> register_globals, safe_mode and magic_quotes  are fully removed from
>> php6.
>
> As someone who hasn't yet played with PHP6, I'd value your comments:
>
> Is there anything new from the PHP6 world that I should add to "PHP" on
> http://linuxmafia.com/kb/Security/ ?  That's my page of recommended
> security-sensitive settings to check in /etc/php?/apache/php.ini,
> believed to be fairly comprehensive through PHP5.

as mentioned:
    * all aspects of magic_quotes
    * register_globals
    * register_long_arrays (such as HTTP_*_VARS - time to get on the bandwagon and use $_GET & $_POST)
    * safe_mode
have been removed. Attempting to use these will cause a new
E_CORE_ERROR to be thrown.
Similarly session_register(), session_unregister() and
session_is_registered() have been removed in php 6.

The dl() function for dynamically loading a module/extension will only
be enabled if it has been registered explicitly.  I think this change
may have been implemented to prevent work-arounds for loading modules
that were explicitly disabled in the php.ini file.

Some, perhaps all, patches from the hardened-php project
(http://hardened-php.org/) will be applied to php core.

The soap extension will have more security options.

I think that's all of the security related aspects of changes in PHP6
- David Coallier would also be able to advise regarding this.

for reference, I gleaned some of this information from:
http://www.php.net/~derick/meeting-notes.html
http://wiki.php.net/todo/php60


regards

k
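
The removals listed in the message above can be checked for mechanically before an upgrade. The following is an added example, not code from the message's author or from the PHP project: the names `audit_ini` and `audit_source` and both sample inputs are constructed for illustration, and the `magic_quotes` and `safe_mode` families are matched by prefix on the assumption that every directive under those names is affected.

```python
import re

# Directive prefixes and functions the message lists as removed; dl() is
# included because the message says it is only enabled when registered.
REMOVED_INI = ("magic_quotes", "register_globals", "register_long_arrays", "safe_mode")
REMOVED_FUNCS = ("session_register", "session_unregister", "session_is_registered")
FUNC_RE = re.compile(r"(?<![\w$>:])(" + "|".join(REMOVED_FUNCS) + r"|dl)\s*\(", re.I)
LONG_ARRAY_RE = re.compile(r"\$HTTP_[A-Z]+_VARS\b")

SAMPLE_INI = """\
; constructed sample, not a real server's configuration
[PHP]
register_globals = On
magic_quotes_gpc = Off
;safe_mode = On
safe_mode_gid = Off
display_errors = Off
"""
SAMPLE_PHP = """\
<?php // constructed sample
session_register('user');
$id = $HTTP_GET_VARS['id'];
$name = $_POST['name'];   // not flagged
if (!extension_loaded('gd')) { dl('gd.so'); }
"""

def audit_ini(text):
    """Return (line_no, directive, value) for each removed directive still present."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()       # ';' starts a php.ini comment
        if "=" not in line:
            continue                              # section header, blank or comment
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower().startswith(REMOVED_INI):   # reported whatever the value is
            hits.append((no, key, value))
    return hits

def audit_source(code):
    """Return (line_no, construct) for removed functions and long arrays in PHP source."""
    hits = []
    for no, raw in enumerate(code.splitlines(), 1):
        line = re.sub(r"(//|#).*$", "", raw)      # naive single-line comment strip
        hits += [(no, m.group(1).lower() + "()") for m in FUNC_RE.finditer(line)]
        hits += [(no, m.group(0)) for m in LONG_ARRAY_RE.finditer(line)]
    return hits

if __name__ == "__main__":
    print(audit_ini(SAMPLE_INI), audit_source(SAMPLE_PHP))
```

A directive set to Off is still reported, since the message says any use of these settings raises an error rather than being ignored.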


