strayf at freeshell.org wrote: > On Sat, Mar 06, 2004 at 12:03:16AM -0600, Matthew S. Hallacy wrote: > >>On Fri, Mar 05, 2004 at 10:46:09PM -0600, Wayne Johnson wrote: >> >> >>>We all learn something everyday... Especially with Linux. >> >>I hope one of the lessons learned is that PHP is evil. > > > I think the lesson is more that anything which is both easy and powerful is > also dangerous. PHP isn't evil, you just have to keep your eyes open. > > -Steve If I'm understanding what happened correctly, Pastor Doug Coats made a PHP programming error, which resulted in a *unique* security hole on his system. Someone, possibly from the Phillipines, then discovered this hole and used it to grab the passwd file. My question is, how was the hole detected? How long was the hole open before it was discovered? Is there something that made detecting the hole easy or ??? Is cracker detection coverage of the web really as complete as this incident seems to imply? Kent _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list