security

Differences

This shows you the differences between two versions of the page.

security [2016/11/11 12:59] krakjoesecurity [2016/11/11 13:05] krakjoe
Line 68: Line 68:
 We do not classify as a security issue any issue that:  We do not classify as a security issue any issue that: 
  
-  * requires invocation of specific code, which may be valid but is obviously malicious (unless it is a very simple frequently used code, such as starting a session, calling a constructor, throwing an exception, etc.) +  * requires invocation of specific code, which may be valid but is obviously malicious 
-  * requires invocation of functions with specific arguments, which may be valid but are obviously malicious (unless such arguments commonly are supplied by the external user in typical code - e.g. bug in input sanitizing functions).  +  * requires invocation of functions with specific arguments, which may be valid but are obviously malicious 
-  * requires specific actions to be performed on the server to trigger it, which is not commonly performed and is not commonly accessible to the remote user+  * requires specific actions to be performed on the server, which are not commonly performed, or are not commonly permissible for the user (uid) executing PHP
   * requires privileges superior to that of the user (uid) executing PHP   * requires privileges superior to that of the user (uid) executing PHP
   * requires the use of debugging facilities - ex. xdebug, var_dump   * requires the use of debugging facilities - ex. xdebug, var_dump
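Review bot: In the second changed bullet (functions with specific arguments), dropping the exception "unless such arguments commonly are supplied by the external user in typical code - e.g. bug in input sanitizing functions" leaves "obviously malicious" as the only test, so a bug in an input sanitizing function reached with externally supplied arguments could now be read as out of scope. Keep that carve-out, or define "obviously malicious" in terms of whether the code or arguments can originate from a remote user. The same applies to the first bullet, which loses its exception for simple, frequently used code such as starting a session, calling a constructor or throwing an exception. In the third bullet, the new wording "not commonly permissible for the user (uid) executing PHP" overlaps with the unchanged bullet "requires privileges superior to that of the user (uid) executing PHP" and no longer says whether the action is accessible to the remote user; consider keeping the remote-user criterion so the two bullets stay distinct.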
security.txt · Last modified: 2024/01/30 17:35 by derick