[horde] HORDE and PHP security issue(s)
brian@highstream.kicks-ass.org
Tue Nov 1 07:54:01 PST 2005
I checked the list archives a bit and see almost no discussion of horde
and security. Is there a better list than this for security discussions?
If so, I couldn't find it.
This newest vulnerability is kind of worrying:
http://www.internetnews.com/dev-news/article.php/3560456
and the linked-to article here:
http://www.hardened-php.net/index.76.html
rm'ing/chmod'ing test.php and not having register_globals on in php.ini
are a start, but it seems like it's application-specific as to what is safe
or not. Thoughts, comments?
I know the answer is upgrade php but I have some production servers with
HUGE horde prefs dbs that take a considerable amount of time to dump and
restore if/when something goes wrong. All you admins know people go nuts
if their mail is down for any amount of time.
thanks for your time,
brian
--
Never be afraid to tell the world who you are.
-- Anonymous
10:45:01 up 11 days, 3:56, 5 users, load average: 0.06, 0.04, 0.01
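
An added example, not part of the original message or of Horde itself: a small shell audit for the two stopgaps mentioned above, reporting the register_globals setting in a php.ini and listing any test.php that is still world-readable. The function names, the temporary directory layout and the sample php.ini contents are constructed for illustration, and the check assumes the web server reads files through the "other" permission bits.

```shell
#!/bin/sh
# Report the last uncommented register_globals line in a php.ini file:
# prints "on", "off", or "unset" when the directive does not appear.
register_globals_state() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        tolower($1) ~ /^[ \t]*register_globals[ \t]*$/ {
            v = tolower($2)
            sub(/;.*/, "", v)                    # drop trailing comment
            gsub(/[ \t"]/, "", v)                # drop spaces and quotes
            state = (v ~ /^(on|1|true|yes)$/) ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# List every test.php under a directory that is still readable by "other".
exposed_test_scripts() {
    find "$1" -type f -name test.php -perm -004 | sort
}

# Constructed sample data: two php.ini variants and a fake horde tree.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/horde/imp"
printf '[PHP]\n; register_globals = Off\nregister_globals = On ; weak\n' \
    > "$demo/php.ini.weak"
printf '[PHP]\nregister_globals = Off\n' > "$demo/php.ini.fixed"
: > "$demo/horde/test.php";     chmod 644 "$demo/horde/test.php"
: > "$demo/horde/imp/test.php"; chmod 000 "$demo/horde/imp/test.php"

echo "weak ini:  register_globals is $(register_globals_state "$demo/php.ini.weak")"
echo "fixed ini: register_globals is $(register_globals_state "$demo/php.ini.fixed")"
echo "world-readable test.php files:"
exposed_test_scripts "$demo/horde"
```

On a real server, point the two functions at the php.ini the web server actually loads and at the Horde install directory.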