Re: PHP4 Forward Port to Lenny

To: backports-users@lists.backports.org
Subject: Re: PHP4 Forward Port to Lenny
From: Martin Steigerwald <Martin@lichtvoll.de>
Date: Sun, 7 Feb 2010 12:20:30 +0100
Message-id: <[🔎] 201002071220.31172.Martin@lichtvoll.de>
In-reply-to: <[🔎] 7191A9FADFABE74F94A8403B82C57A6105098F9CB0@sg000036.corproot.net>
References: <[🔎] 7191A9FADFABE74F94A8403B82C57A6105092AAB54@sg000036.corproot.net> <15ABC5B2-D21C-4887-9E55-A7C0344F4615@cs.tu-darmstadt.de> <[🔎] 7191A9FADFABE74F94A8403B82C57A6105098F9CB0@sg000036.corproot.net> (sfid-20100205_145142_233402_A3056562)

Am Freitag 05 Februar 2010 schrieb Guy.Baconniere@swisscom.com:
> In term of isolation I prefere VMware, KVM or Xen then add
> mod_security to Apache2, grsecurity to kernel can help
> to circonvent most of the exploits to gain root.

Would that be really less effort than fixing the PHP applications? If so, 
I still recommend getting an indemnification from your employer *first*.

Yes, all of this can improve security of insecure PHP applications. But it 
is not fixing the insecurity at its source. Still, even with modern PHP 
applications there might be security holes since it is not that easy to 
write secure PHP applications at all - and thus something like 
mod_security makes sense anyway.

-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- PHP4 Forward Port to Lenny
  - From: <Guy.Baconniere@swisscom.com>
- RE: PHP4 Forward Port to Lenny
  - From: <Guy.Baconniere@swisscom.com>

Prev by Date: Re: PHP4 Forward Port to Lenny
Next by Date: Re: lxde package is broken
Previous by thread: RE: PHP4 Forward Port to Lenny
Next by thread: Re: PHP4 Forward Port to Lenny
Index(es):
- Date
- Thread