security
Differences
This shows you the differences between two versions of the page.
security [2016/11/11 12:59] – krakjoe | security [2016/11/11 13:16] – krakjoe | ||
---|---|---|---|
Line 38: | Line 38: | ||
This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries. | This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries. | ||
- | This kind of issues usually | + | This kind of issues usually |
===== Medium severity ===== | ===== Medium severity ===== | ||
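Review bot: "This kind of issues usually" should read "This kind of issue usually" (singular noun after "kind of"); the remainder of the sentence is cut off in both columns of this hunk, so the actual wording change cannot be checked from what is shown.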
Line 54: | Line 54: | ||
===== Low severity ===== | ===== Low severity ===== | ||
- | This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present. | + | This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present |
This also includes problems with configuration, | This also includes problems with configuration, | ||
Line 68: | Line 68: | ||
We do not classify as a security issue any issue that: | We do not classify as a security issue any issue that: | ||
- | * requires invocation of specific code, which may be valid but is obviously malicious | + | * requires invocation of specific code, which may be valid but is obviously malicious |
- | * requires invocation of functions with specific arguments, which may be valid but are obviously malicious | + | * requires invocation of functions with specific arguments, which may be valid but are obviously malicious |
- | * requires specific actions to be performed on the server | + | * requires specific actions to be performed on the server, which are not commonly performed, or are not commonly |
* requires privileges superior to that of the user (uid) executing PHP | * requires privileges superior to that of the user (uid) executing PHP | ||
* requires the use of debugging facilities - ex. xdebug, var_dump | * requires the use of debugging facilities - ex. xdebug, var_dump | ||
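Review bot: the new qualifier on the third bullet ends mid-clause ("which are not commonly performed, or are not commonly"), so the second exclusion condition is never stated; finish the clause (for example, what the actions are "not commonly" done with or by) before this classification rule is relied on, since an incomplete exclusion reads as a loophole either way. The first two bullets show identical text on both sides here, so whatever changed in them is not visible in this hunk.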
Line 87: | Line 87: | ||
Q. How do I report a security issue?\\ | Q. How do I report a security issue?\\ | ||
- | A. Please report it on http:// | + | A. Please report it on http:// |
Q. What do you consider a responsible disclosure? | Q. What do you consider a responsible disclosure? |
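Review bot: the answer to "How do I report a security issue?" is cut off after "http://" in both columns, so the reporting address is missing from the FAQ as shown; spell out the full address, and link to it over https rather than http so a reporter who fetches this page over a tampered connection cannot be redirected to a lookalike address.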
security.txt · Last modified: 2024/01/30 17:35 by derick