Mantenerse al Día
PHP, como cualquier otro sistema de tamaño considerable, está bajo constante escrutinio y remodelación. Cada nueva versión incluye con frecuencia cambios mayores y menores para mejorar la seguridad y reparar cualquier fallo, problemas de configuración, y otros asuntos que puedan afectar la seguridad y estabilidad global de su sistema.
Como cualquier lenguaje y programa de scripting del nivel del sistema, el mejor enfoque es el de actualizar con frecuencia, y mantenerse alerta sobre las últimas versiones y sus cambios.
Características> <Seguridad Last updated: Fri, 22 Aug 2008
add a note add a note User Contributed Notes
Mantenerse al Día
Mike R
08-Jan-2008 02:13
Here are some good white hat sites:
sla.ckers.org
www.0x000000.comha.ckers.org
www.gnucitizen.orgwww.owasp.orgwww.cert.orgwww.sans.orgwww.securityfocus.comWhat's a white-hat site? It's a site run by security professionals, such as various federal governments, with honorable intentions. They should be required reading.
Tapani Talvitie
22-Jul-2006 03:29
> Users might also like to use the latest features in PHP5,
> but the host may still be using PHP4.
>
> Hosts might also be running with register_globals on. As
> reported elsewhere in the comments on this site, when
> some hosts turned it off, they got several emails about
> broken scripts. So the hosts simply turned register_globals
> back on.
> The only solutions, besides pestering the web host to
> upgrade, are to change to a different, more modern
> host, or consider renting a virtual server where you can
> set up PHP yourself.
Another solution could be that the web hosting firms would run a new (virtual) server when a new major PHP version is released. The new server would have all security related settings turned on. This way new customers would automatically get the new features and old ones could ask to be moved. All clients would be informed about the possibility to update, so that the not-so-active web masters could start their slow transition process in the following months.
There is of course a downside in this solution too: web hosting firms would need to maintain several PHP version. One way to solve this would be to limit available php versions to two. If for example the host has php4 and php5 servers and then php6 is released, php4 users would be forced to move to the newer version. A major php releases come out once or twice in the year(?) That would give 1-2 years for the slow web masters to adjust ;-)
me at jonheather dot com
10-Oct-2005 05:52
Agreed, but if they are a decent and respectable web hosting company, they would update PHP regularly and most surely do so if asked.
Chris Hester
08-Sep-2005 02:49
The problem lies in everyday web hosting firms which often seem to employ old versions of PHP. The user is therefore stuck. They may also be at risk as security patches won't be present. Users might also like to use the latest features in PHP5, but the host may still be using PHP4.
Hosts might also be running with register_globals on. As reported elsewhere in the comments on this site, when some hosts turned it off, they got several emails about broken scripts. So the hosts simply turned register_globals back on.
The only solutions, besides pestering the web host to upgrade, are to change to a different, more modern host, or consider renting a virtual server where you can set up PHP yourself. Of course this is likely to be more expensive and so not suitable for the average person. It just seems a shame to be stuck using older versions of PHP which are less secure than the latest one.
add a note add a note
Características> <Seguridad
Mar Oct 14, 2008 2:32 pm