security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
security [2016/11/11 13:05] krakjoesecurity [2017/09/22 13:28] – external edit 127.0.0.1
Line 38: Line 38:
 This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries. This category also may include issues that require special code or code pattern if such code or pattern is present in many popular libraries.
  
-This kind of issues usually require a CVE report.+This kind of issues usually requires a CVE report.
  
 ===== Medium severity ===== ===== Medium severity =====
Line 54: Line 54:
 ===== Low severity ===== ===== Low severity =====
  
-This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present. +This issue allows theoretical compromise of security, but practical attack is usually impossible or extremely hard due to common practices or limitations that are virtually always present or imposed
  
 This also includes problems with configuration, documentation, and other non-code parts of the PHP project that may mislead users, or cause them to make their system, or their code less secure.  This also includes problems with configuration, documentation, and other non-code parts of the PHP project that may mislead users, or cause them to make their system, or their code less secure. 
Line 75: Line 75:
   * requires the use of settings not recommended for production - ex. error reporting to output   * requires the use of settings not recommended for production - ex. error reporting to output
   * requires the use of non-standard environment variables - ex. USE_ZEND_ALLOC   * requires the use of non-standard environment variables - ex. USE_ZEND_ALLOC
-  * requires the use of non-standard builds+  * requires the use of non-standard builds - ex. obscure embedded platform, not commonly used compiler
   * requires the use of code or settings known to be insecure   * requires the use of code or settings known to be insecure
  
Line 87: Line 87:
  
 Q. How do I report a security issue?\\ Q. How do I report a security issue?\\
-A. Please report it on http://bugs.php.net, choosing type "Security". This will automatically make it private. If for some reason you can not do that, or need to talk to somebody about PHP security issue that is not exactly a bug report, please write to security@php.net. +A. Please report it on http://bugs.php.net, choosing type "Security". This will automatically make it private. If for some reason you can not do that, or need to talk to somebody about PHP security issue that is not exactly a bug report, please write to security@php.net. 
  
 Q. What do you consider a responsible disclosure?\\ Q. What do you consider a responsible disclosure?\\
security.txt · Last modified: 2024/01/30 17:35 by derick