[wp-testers] wordpress and php security

Mark Jaquith mark.wordpress at txfx.net
Sat Dec 23 11:03:37 GMT 2006


On Dec 23, 2006, at 1:45 AM, Brian Layman wrote:

> With all of the different configurations available, I can sure
> understand why they'd want to be in full control of the processing
> of the data.

For a just-starting closed-source project on PHP 5.2 servers that you  
control... the filter extension *might* be a good choice.  For an  
open source project like ours or Serendipity or Flyspray, you would  
have to either abandon your PHP < 5.2 userbase, or maintain two  
filter systems.  Heck, even if you do abandon your PHP < 5.2 userbase  
you'll have to maintain two filter systems to work around bugs and  
shortcomings [1] in the filter extension.

I'm much more interested to see the PHP-based input/output filters  
library that the Hardened-PHP Project is going to develop [2].

==
[1] http://devzone.zend.com/node/view/id/1113#comments-1210
[2] http://blog.php-security.org/archives/65-PHP-Input-Filtering-Library.html

--
Mark Jaquith
http://markjaquith.com/

Covered Web Services
http://covered.be/



