Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PHP Easter Eggs

from [Rick Crelia] Network Security [Permanent Link]
Subject: Re: PHP Easter Eggs
Date: Mon, 6 Dec 2004 12:13:36 -0800 
Hmmm. Methinks we're making a mountain out of a molehill with this
thread... no offense, but think about this: most MTAs come with
version string information enabled by default. Sendmail, qmail,
Postfix, etc.  A competent system administrator knows that in
order to make the machine secure, you disable this functionality
by making the appropriate configuration change.  These MTAs power
a large hunk of the Internet MTAs in existence and are considered
quite solid and secure (well, sendmail's gotten better anyway.. heh).

I don't really see how the PHP "easter eggs" option is any different.

Or did I miss something? You can turn this behavior off, and probably
should in most instances.

--rc

*========================================*
Rick Crelia - rick.crelia@oregonstate.edu
OSU Libraries - Dept of Library Technology
Corvallis, OR 97331 - 541.737.8972


On Fri, Dec 03, 2004 at 12:49:22PM -0500, Chuck Brockman spake thusly:


Maybe I'm not viewing this in the right light, but if PHP is to gain momentum 
in the corporate world and seriously compete with the other dominate web 
"languages", findings like this will discredit PHP.  I personally like PHP 
and use it as well as others, but trying to sell PHP to management with 
findings like this may hamper the growth and acceptance of PHP.  Yes, I know 
there are Easter eggs in almost everything out there, especially M$oft apps. 

Chuck
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SSO & 2FA deployments, dc
Next by Date:  RE: Account Lockouts, David Robert
Previous by Thread:  RE: PHP Easter Eggs, Chuck Brockman
Next by Thread:  Re: PHP Easter Eggs, James Barkley
Indexes:  [Date] [Thread] [Top] [All Lists]