SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Enthusiast jinnyruth's Avatar
    Join Date
    Dec 2005
    Location
    California
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP server vulnerability

    I don't know much about PHP, but you all seem to.

    I'm working on a site for a school district. They would like to install an application that allows certain students to update several calendars. I've found and used a great PHP app for this in the past, but that's where I run into trouble. The school district hosts their own site and doesn't have PHP installed on the server. When I asked the administrator to install PHP he doesn't want to becasue they are running MS Exchange on the same server and said it will open the email server up to vulnerabilities.

    Will installing PHP cause a problem really? Am I just stuck?

    Thanks guys! Sorry if it's a dumb question...I'm at a loss.

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    The administrator is the one who should be reinstalled . He is just too lazy to do extra work. A server will not have any vulnerabilities if installed and configured properly.

    Just my 2 cents.

  3. #3
    SitePoint Enthusiast jinnyruth's Avatar
    Join Date
    Dec 2005
    Location
    California
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So PHP doesn't really make it any more vulnerable?

  4. #4
    SitePoint Zealot ngi112's Avatar
    Join Date
    May 2005
    Posts
    122
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No if you know how to use it.
    ProxyTor - Submit your Proxy Site for free, fast.
    Parxy.com - Find a New Hobby!

  5. #5
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    PHP by itself doesn't make the server more vulnerable, it's poorly coded PHP scripts on the server that could open it up to hackers.

  6. #6
    SitePoint Addict Chillijam's Avatar
    Join Date
    Nov 2003
    Location
    England
    Posts
    293
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think that's a bit harsh on the poor admin. He is ultimately responsible for the mail server staying up, so adding anythin else is going to increase the risk of failure. I'd also refuse to put PHP on a production box that was running another service. Just one typo in a script may open the whole server to teh skr1pt k1dd13s.
    Your mind is like a parachute. It works best when open.
    (HH The Dalai Lama)

  7. #7
    SitePoint Enthusiast jinnyruth's Avatar
    Join Date
    Dec 2005
    Location
    California
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, but I've tried to explain to him that I'm not writing the script. It's a secure and trusted existing application.

    He sent me this link http://www.sans.org/top20/#c3 and forwared my request to his bosses and the district administrators. My reply was:

    "My understanding of what you sent me says that if you install the most recent version of PHP you are fine, and it is still almost all scripting problems. This article also details what you can do to protect yourself from such risks. Iím not sure what the problem is."

    Am I making an idiot of myself on this?

    Thanks!

  8. #8
    Non-Member Gator99's Avatar
    Join Date
    Sep 2004
    Location
    Florida
    Posts
    613
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'd say if you're running a windows server, the last thing you'd be concerned about is installing php on it. The guy is your typical microsoft idiot, if it doesn't have pretty windows or there's not a patch to install every week, typically they'd be lost.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •