#1
Is a Psycho (Devshed Newbie, 0 - 499 posts)

To All Devshed Forum Members


    TO ALL DEVSHED FORUM MEMBERS

    If you think that a question is stupid or basic or ridiculous then DON'T look at it at all.

    You forget that this is a community forum, this means everyone is allowed to have their say and have a basic right not to be insulted, just because they are not at the same level of experience as you.

    Scornful and nasty remarks only show how unprofessional and immature you are, not how experienced you are.

    Devshed Forums is an excellent source to pick up tips and various ways of doing things, not a place to be insulted, so let's try and keep it this way.

    All we (your average member / visitors) care about is getting the help or info we need, as soon as we can get it, without stupid and unprofessional remarks. I have noticed that I am not the only "person" who feels this way.

    I thoroughly agree with the guidelines posted in the following:
    http://forums.devshed.com/php-development-5/announcements.html?s=

    I recommend every user of devshed visit the above link. I would also like to point out that DevShed is not the only site where you can get help, I recommend searching through the wealth of resources on the net such as:

    http://www.webmonkey.com/
    http://www.phpbuilder.com/
    http://www.internet.com/
    http://www.phpgeek.com/
    http://www.webdeveloper.com/

    Now with my 2 cents out of the way, I would like to say thank you to anyone who has ever helped me... THANK YOU

    I also highly recommend everyone visit the following for a list of vulnerabilities in PHP:
    http://www.securereality.com.au/studyinscarlet.txt
    Last edited by deepspring; October 28th, 2001 at 09:42 PM.
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"
#2
Contributing User (Devshed Newbie, 0 - 499 posts)

    >> I also highly recommend everyone visit the following for a list of vulnerabilities in PHP:
    >> http://www.securereality.com.au/studyinscarlet.txt
    I think the title of this document is misplaced. It should not be "Exploiting Common Vulnerabilities in PHP Applications", since none of the things he mentions is PHP's fault. It should rather be called "The dangers of making mistakes when programming PHP". Anyone with a good sense about the workings of PHP can program pretty secure PHP applications, imho. I'm not bashing the article here, I just don't want documents like that to give PHP a bad name, personally.
#3
Mobbing Gangster (Devshed Demi-God, 4500 - 4999 posts)

    I read that paper quite a long time ago, and frankly it is not all that good. Most of it is common sense, and I don't know why so many people consider it a good source.
    And you know I mean that.
#4
Web Developer (Devshed Novice, 500 - 999 posts)

    Originally posted by AlCapone:
    >> I don't know why so many people consider it a good source.

    Maybe because of the fact that it is common sense.
    Most problems on this line of work are usually simple and can be corrected with a little brainwork.
    -- Tomi Kaistila
    -- Developer's Journal

    The more you learn, the more you know.
    The more you know, the more you forget.
    The more you forget, the less you know.
#5
Newbie :P (Devshed Frequenter, 2500 - 2999 posts)

    Originally posted by Datamike:
    >> Maybe because of the fact that it is common sense.

    There is an age-old saying, something along the lines of "You can't teach common sense". I forget it all, but well, I'm only 21, and some of the people I have met in my life... well, reading a paper just won't help people learn common sense; you either have it or you don't.

    Just my 2 cents.
    ---------------------
    -- SilkySmooth --
    ---------------------
    Proxy
#6
Is a Psycho (Devshed Newbie, 0 - 499 posts)


    I didn't write that paper, I just found it... the contents of it may be common sense to advanced PHP users, but devshed and a lot of the other people who provide tutorials on PHP do not include or practice any of the security fixes for the issues discussed in that paper.

    I learned PHP/MySQL through tutorials posted on devshed, phpbuilder, webmonkey and examples of other people's code posted in these forums. Not once have I found a single tutorial on the security issues relating to PHP, and it was only during the last couple of months that it has been posted in these forums.

    PHP is a very good language, but more needs to be done in tutorials about warning new users of the potential security vulnerabilities in PHP, before they find out that the programs they have written have allowed crackers access to sensitive data or allowed them to use their host as a third-party DoS attack station.

    If you think what I am doing is a little over the top, well that's your opinion and it is noted, but just remember three things.

    1. It's OUR code that WE post to help people in the forums and it is quite often that they will use OUR code in some chopped up form.

    2. People who do read and learn from tutorials, use the code examples in these tutorials in REAL applications...

    3. You want people to learn this great language properly, then start discussing these issues and doing tutorials on them.

    I just thought I might add another 2 cents to the discussion.

    God Bless
    Scott
    Last edited by deepspring; November 2nd, 2001 at 09:02 PM.
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"
#7
Mobbing Gangster (Devshed Demi-God, 4500 - 4999 posts)

    Why do people take everything so personally lately?
    And you know I mean that.
#8
Newbie :P (Devshed Frequenter, 2500 - 2999 posts)
    No idea mate, obviously constructive criticism is no longer allowed.
    ---------------------
    -- SilkySmooth --
    ---------------------
    Proxy
#9
Is a Psycho (Devshed Newbie, 0 - 499 posts)

    I didn't take it personally... if it sounded that way, then I am sorry and I will try to watch the way I type things in future.

    I get a little irate when people automatically assume people who are new to PHP know the security risks involved in using PHP in commercial sites. It's just the same as not everyone knows how to use and configure Linux or Unix as a secure server.

    PHP is a great language and I really enjoy using it, but I also believe that more needs to be done to educate future and current learners/users of the language about its holes and flaws.

    If PHP users really want it to be a serious competitor in the commercial market, then they are going to have to start looking at these issues. That's probably why PHP is nowhere near as popular as ASP, ColdFusion or JSP on commercial sites or intranets (I assume because of the number of job vacancies in these languages compared with the PHP ones).

    So... forgive me... ???

    Scott
    Last edited by deepspring; November 3rd, 2001 at 07:07 PM.
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"
#10
Mobbing Gangster (Devshed Demi-God, 4500 - 4999 posts)

    >> It's just the same as not everyone has a degree in computer science or a trade qualification.
    I don't.
    >> PHP is a great language and I enjoy using it,
    >> but I also believe that more needs to be done to educate future
    >> and current learners/users of the language about its holes and flaws.
    Holes are not in the languages. What we call "holes" is NOTHING but a product of a creative mind, so how are you going to educate users' creativity?
    >> If PHP users really want it to be a serious competitor in the commercial market
    They do have their nice spot already, check statistics.
    >> That's probably why PHP is nowhere near as popular as ASP,
    >> ColdFusion or JSP on commercial sites or intranets
    ASP promoted by Microsoft, JSP by Sun, PHP by... by... hmm... Rasmus? How many people know him (compared to Microsoft and Sun)? About zero? I don't know why in the world you mentioned CF, because in my mind it is a parody of a language. And where's C?
    >> I assume because of the number of job vacancies in these
    >> languages compared with the PHP ones
    PHP has been around for what, 5-6 years?

    Bottom line: PHP is doing just great for its position.
    And you know I mean that.
#11
Is a Psycho (Devshed Newbie, 0 - 499 posts)

    >> I don't.

    Neither do I, but then I realised not many do... so I changed it...

    >> Holes are not in the languages. What we call "holes" is NOTHING but a product of a creative mind, so how are you going to educate users' creativity?

    So what, it still helps to actually discuss it... after all, how are they going to know that if we don't warn them or show them how to do things better... Creativity begets creativity.

    >> They do have their nice spot already, check statistics.

    Ever heard of "Statistics and Other Damn Lies"... You might find it at Amazon.com if you don't mind other people using your credit card.

    >> ASP promoted by Microsoft, JSP by Sun, PHP by... by... hmm... Rasmus? How many people know him (compared to Microsoft and Sun)? About zero? I don't know why in the world you mentioned CF, because in my mind it is a parody of a language. And where's C?

    So what's stopping PHP?? Lack of vision and support??

    Do you understand the new internet laws relating to e-commerce?? well neither does your average new php user, who will probably run through two tutorials make one or two posts on this and then put a very insecure site online.

    MS and Sun both incorporate Security as a main module in the foundation learning material...

    CF may be a parody, but it is still widely used on intranets and e-commerce sites... and is pretty easy to learn, once you find a good book (which usually incorporates security as a main module).

    "Gee Brain, what are we going to do tonight? Same thing we do every other night... TRY AND TAKE OVER THE WORLD!" Sorry, couldn't help myself... Pinky and the Brain are legends... they remind me of geeks trying to topple MS.

    I haven't really come across many C based sites... except for http://www.ht.com.au

    >> PHP has been around for what, 5-6 years?

    Yikes, is that all... kind of the same amount of time as JSP... no?

    My Job Sources:
    http://www.seek.com.au/
    http://www.monster.com.au/
    http://itjobs.mycareer.com.au/

    With that said... and on a different note, I highly recommend that new movie (new in AU... it just came out on DVD) "Antitrust"...

    God Bless
    Scott
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"
#12
Mobbing Gangster (Devshed Demi-God, 4500 - 4999 posts)

    Aight, deepspring, let's stop fighting over what's more popular and why, shall we? I agree on most of your points, and that is what we need.
    I saw Antitrust about a month ago (or maybe more), quite nice... has anyone noticed the bad dude looks much like Gates?
    And you know I mean that.
#13
Is a Psycho (Devshed Newbie, 0 - 499 posts)

    LOL.... yes, it's uncanny, ain't it

    They even mention his name in the movie I think...

    He also looks like the "Norton" guy of the "Norton SystemWorks" box...

    I loved how they actually used SGI Linux this time instead of what they normally do in techo movies...

    Sorry... I will stop arguing now...
    Last edited by deepspring; November 3rd, 2001 at 08:07 PM.
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"
#14
Mobbing Gangster (Devshed Demi-God, 4500 - 4999 posts)

    I am no *nix guru, so... you remember when the guy got inside and started looking into files (in some child care room or something), so he was typing something - was it making any sense (his typing)?
    And you know I mean that.
#15
Is a Psycho (Devshed Newbie, 0 - 499 posts)

    To a degree it was... I am only an intermediate *nix user... I know some of the stuff he was typing was garbage and some of it wasn't.

    I was just amazed to see a real OS and real C/C++ used instead of some Macromedia Director movie or wannabe animation....

    I only saw the movie for the first time last night... I am actually thinking about buying it...
    deepspring

    - "Netscape 4 users are like lemmings... You can't help but laugh when one falls off a cliff"