
Author Topic: Way beyond PS Web Gallery  (Read 8511 times)

Chris_T

« Reply #20 on: December 29, 2006, 09:49:05 AM »

Quote
Yes, and that is an all too big problem; people who write books tend to live in their own technical little world, ignoring the others. There are exceptions, of course, but you'll find that a designer's view on web design differs from a programmer's view, and perhaps neither will give security a single thought.

[snip]


Thanks for the response. Since I'm somewhat tech challenged, it will take me a while to digest all these.

Meanwhile, I'll start a new thread on "Good and bad web gallery designs". Hope all the suave web designers and programmers can contribute their wisdom there.

john beardsworth

    • http://www.beardsworth.co.uk
« Reply #21 on: December 29, 2006, 12:50:36 PM »

Quote
John, PHP has holes in the language as well as the apps.

ASP.net has had issues, too, and so have Java, Perl, Python etc., but they have been handled in a more ... mature manner.

To lay the blame of language problems at the feet of those who develop applications in the language is a bit weird, although the developers did choose the language.
YMMV

jani

« Reply #22 on: December 29, 2006, 01:27:52 PM »

Quote
YMMV
Not in this case.

People who use PHP 4.4.4 for stability reasons have not been offered a security update, and need to patch PHP manually.

PHP 5.1 was dumped, and people who wanted the latest security fixes had to upgrade to 5.2 or roll their own security fixes.

Perhaps this is hard to believe if -- as is evidently your situation -- you aren't in a position where you have to pay attention to security updates of core modules such as PHP, but trust me, this is a core problem with PHP, and no, your mileage does not vary.

If you, however, should be in the situation where you need to administer computers and maintain software, Secunia is one of several pretty decent sources for disclosed vulnerabilities.

Here's the writeup for the htmlentities() and htmlspecialchars() remote system access vulnerability in all versions prior to 5.2.0:

http://secunia.com/advisories/22653/

There are also two currently unpatched but disclosed vulnerabilities:

http://secunia.com/product/5768/?task=advisories

We expect to see a whole lot more disclosed vulnerabilities in January.
Jan

john beardsworth

« Reply #23 on: December 29, 2006, 02:37:13 PM »

Quote
If you, however, should be in the situation where you need to administer computers and maintain software....

Exactly, from the administrator's perspective, every language looks insecure and all admins ever see is a million largely-hypothetical reasons for stopping users doing anything useful at all. I've commissioned or fixed many systems in all sorts of languages from ASP to SQL Server to VB to PHP, and it's always faults in application design that cause the most grief. Most of those functions are used so rarely that the deficiencies are of theoretical importance and irrelevant to evaluating PHP-based applications. If it's a good app, there's no need to worry if it's in PHP - just find something else for the admin to worry about.

YMMV + ciao

John

robertwatcher

« Reply #24 on: June 21, 2007, 12:57:52 AM »

Quote
Perhaps this site could be helpful:

http://www.hotscripts.com

It contains referrals for several script languages, and has references to commercial, as well as freeware scripts. If you select PHP -> Scripts & Programs, then there is an entry "Image Galleries"...


You can find my OnePageGallery at Hotscripts also:

http://www.hotscripts.com/Detailed/70794.html

