JSLabs Blog: Is your website secure?
In the spirit of the Month of PHP Bugs going on right now (March 2007), Justin Silverton has spotlighted just a few of them in a new entry to the JSLabs blog today.
He mentions issues like:
- a header() issue that results from a call to it with an all-whitespace string
- a session issue in PHP5 where an identifier isn’t freed correctly
- and an issue with the compress.bzip2 URL wrapper not following safe_mode or open_basedir restrictions (already corrected).
These are just a few of the bugs that have been reported during the month-long event, so check out php-security.org. He also points to the Suhosin patch that can help alleviate some of these issues.