security
Differences
security [2016/11/11 13:05] – krakjoe | security [2016/11/11 19:09] – krakjoe | ||
---|---|---|---|
Line 38: | Line 38: | ||
This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries. | This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries. | ||
- | This kind of issues usually | + | This kind of issues usually |
===== Medium severity ===== | ===== Medium severity ===== | ||
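Review bot: "This kind of issues usually" (present on both the old and the new side of this change) has a number agreement error; make it "This kind of issue usually" or "These kinds of issues usually" while the line is being edited anyway. The unchanged context line above it would also read better as "special code or a code pattern, if such code or pattern is present in many popular libraries".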
Line 54: | Line 54: | ||
===== Low severity ===== | ===== Low severity ===== | ||
- | This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present. | + | This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present |
This also includes problems with configuration, | This also includes problems with configuration, | ||
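Review bot: the revised Low severity sentence now ends at "virtually always present" with no full stop, where the previous revision had one; unless the sentence is deliberately continued in text not shown in this view, restore the period so it stays separate from the following "This also includes problems with configuration" sentence. The same line is also missing articles: "allows a theoretical compromise of security, but a practical attack is usually impossible".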
Line 70: | Line 70: | ||
* requires invocation of specific code, which may be valid but is obviously malicious | * requires invocation of specific code, which may be valid but is obviously malicious | ||
* requires invocation of functions with specific arguments, which may be valid but are obviously malicious | * requires invocation of functions with specific arguments, which may be valid but are obviously malicious | ||
- | * requires specific actions to be performed on the server | + | * requires specific actions to be performed on the server, which are not commonly performed, or are not commonly permissible for the user (uid) executing PHP |
* requires privileges superior to that of the user (uid) executing PHP | * requires privileges superior to that of the user (uid) executing PHP | ||
* requires the use of debugging facilities - ex. xdebug, var_dump | * requires the use of debugging facilities - ex. xdebug, var_dump | ||
* requires the use of settings not recommended for production - ex. error reporting to output | * requires the use of settings not recommended for production - ex. error reporting to output | ||
* requires the use of non-standard environment variables - ex. USE_ZEND_ALLOC | * requires the use of non-standard environment variables - ex. USE_ZEND_ALLOC | ||
- | * requires the use of non-standard builds | + | * requires the use of non-standard builds |
* requires the use of code or settings known to be insecure | * requires the use of code or settings known to be insecure | ||
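Review bot: the clause added to the "requires specific actions to be performed on the server" bullet, "or are not commonly permissible for the user (uid) executing PHP", overlaps with the very next bullet, "requires privileges superior to that of the user (uid) executing PHP", so a triager now has two bullets for what is essentially one condition. Either fold the permission wording into the privileges bullet, or make the distinction explicit (uncommon administrative actions on the server versus actions the PHP uid cannot perform at all) so each bullet lists a different reason for lowering severity.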
Line 87: | Line 87: | ||
Q. How do I report a security issue?\\ | Q. How do I report a security issue?\\ | ||
- | A. Please report it on http:// | + | A. Please report it on http:// |
Q. What do you consider a responsible disclosure? | Q. What do you consider a responsible disclosure? |
security.txt · Last modified: 2024/01/30 17:35 by derick