php security

Today I visited an irc channel where some core developers are having a chat. They hang out, they chit chat and sometimes even talk about php.

Was approached by a developer who stated he has the next big cool thing. A framework/objectbase that enables you to do anything (a very true statement). Somewhere in this talk it mentioned security. I’ve been out of this for a long time but it still has my private focus. I asked a few questions and the original coder asked me to audit it.

There are a few things I ask before  I start auditing.

1. Is that your site?
2. Is your code security aware?
3. Do you mind a full disclosure after I have given you the time to fix it.

I still need the answer to item number 1. It took me a few minutes to create a username that only was visible for someone using the mysql commandline tool to look in the database. The admin interface did not show it.

If item 1 is answered and item 3 is answered positive a fix in my name might be posted by the creators.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: