____/ [H]omer on Tuesday 18 March 2008 16:27 : \____
> Roy Schestowitz wrote:
>
>> ,----[ Quote ]
> [...]
>> | The mainstream media consistently use the term "computers" when
>> | they make forays into this realm. Yes, they are computers, but
>> | they're not just any computer -- they are all running Windows. All
>> | of them.
>
> This is not entirely true, since PHP has known security issues (I
> personally have been the victim of a cross-site scripting vulnerability
> in the past). To what extent these issues contribute to botnets or
> viruses, I have no idea, but the figure is unlikely to be zero.
>
> However, a typical Linux /Desktop/ will not be running PHP or even a Web
> server at all, and even those who run home Linux servers rarely have
> them publicly accessible, so this is mostly a non-issue, except for Web
> hosts.
>
> Also, it should go without saying that PHP is not Linux, and indeed is a
> cross-platform solution, however ... a properly secured Linux Web host
> should /not/ be vulnerable to PHP issues if, for example, it utilises
> SELinux and an appropriate policy. Scripting languages on publicly
> accessible hosts that provide dynamic content are always an inherent
> security risk, but there are ways and means to mitigate those risks.
> It's just a pity that more Web hosts don't exercise those means.
Yes, I agree, definitely. It's not just PHP, but application that are
built /using/ PHP. I'm rebuilding my Web site at the moment on a new (actually
more powerful!) server after the attack WHICH DID NOT TARGET LINUX, not even
GNU. It was phpBB, which is /written/ in PHP. It was unpatched (last patched
some time in 2005, IIRC).
Live and learn.
--
~~ Best of wishes
Roy S. Schestowitz | "Did anyone see my lost carrier?"
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1510068k total, 334064k used, 1176004k free, 122980k cached
http://iuron.com - next generation of search paradigms
|
|
