[SPTUsers] Security

Alejandro Fernandez a.fernandez at bristol.ac.uk
Thu Feb 27 15:36:36 CST 2003


Thanks for your reply. I will look into the RSS features which I wasn't
aware of!

Another question is: I've noticed through looking at the code that it
seems to cater for register globals being off, and indeed, I installed
the latest versions of PHP and Apache 1.3.x and things seem to work
quite fine. But has anyone ever had any security problems? One of the
factors against me being able to take up SPT as our metadata providing
software is that most people here see PHP as an insecure language, owing
to the ease with which it can be programmed in (so anyone can write
something that works, but not everyone can make that same thing secure
too).

What can be done to ensure that SPT is secure with the data it keeps and
does not allow people to steal, alter data or even gain unauthorised
entrance to the server? I'm considering running Nessus on it, as this
would catch simple forms problems with scripts etc...

Or even, what can I say to reassure these perlmongering phpphobes?

Ale

On Thu, 2003-02-27 at 14:11, Edward Almasy wrote:
> On Thu, Feb 27, at 12:58:19PM, Alejandro Fernandez wrote:
> > I was pleased to see Mr Mao Jun intending to implement news feeds in
> > SPT. I'm currently evaluating SPT and one of the features I'll need to
> > add is this. 
> 
>    One thing I'd like to mention here is that SPT already supports RSS 0.92
>    (and 2.0) for news/summary feeds and OAI 2.0 for data harvesting.
> 
>    Ed
-- 
Alejandro Fernandez <a.fernandez at bristol.ac.uk>
ILRT


