November 23, 2014

PHP 5.3.1 Released, Security Beefed Up

  • January 12, 2010
  • By Marc Plotz

The PHP development team recently released PHP 5.3.1, the latest version in the new PHP 5.3 branch. This version does not change the core PHP 5.3 engine; instead, by focusing on stability and security, the PHP team has introduced more than 100 bug fixes and tweaks to the overall framework.

In his Web Developer's Virtual Library (WDVL) article, Marc Plotz explains why he has been very encouraged by the PHP team's conscious drive to strengthen the security features in this release. In his assessment, the most significant security-conscious addition in PHP 5.3.1 is the max_file_uploads INI directive, which limits the number of files that can be uploaded in a single request (20 by default). This is extremely important in mitigating denial of service (DoS) attacks.
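An application-level check that complements the max_file_uploads ceiling, as an added example that is not from the article or the PHP project: it counts the files in a $_FILES-style array, including multi-file fields, and enforces a tighter per-endpoint cap. APP_MAX_FILES, count_uploaded_files() and the sample array are assumptions constructed for illustration.

```php
<?php
// Added example, not from the PHP project or the article.
// APP_MAX_FILES and count_uploaded_files() are hypothetical names.
const APP_MAX_FILES = 3; // assumed per-request cap for this endpoint

// Count files actually submitted in a $_FILES-style array. Multi-file
// fields (name="docs[]") store 'error' as a nested array, so walk it.
function count_uploaded_files(array $files)
{
    $count = 0;
    foreach ($files as $field) {
        if (!is_array($field) || !isset($field['error'])) {
            continue; // not a well-formed upload entry
        }
        $errors = (array) $field['error'];
        array_walk_recursive($errors, function ($code) use (&$count) {
            if ($code !== UPLOAD_ERR_NO_FILE) { // ignore blank fields
                $count++;
            }
        });
    }
    return $count;
}

// Constructed sample shaped like $_FILES for one multi-file field
// plus one single-file field; a live handler would pass $_FILES.
$sample = array(
    'docs' => array(
        'name'  => array('a.pdf', 'b.pdf', 'c.pdf', ''),
        'error' => array(UPLOAD_ERR_OK, UPLOAD_ERR_OK, UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE),
    ),
    'avatar' => array('name' => 'me.png', 'error' => UPLOAD_ERR_OK),
);

// Engine-wide ceiling; PHP applies it while parsing the request.
$iniLimit  = (int) ini_get('max_file_uploads');
$submitted = count_uploaded_files($sample);

printf("max_file_uploads=%d, app cap=%d, submitted=%d\n", $iniLimit, APP_MAX_FILES, $submitted);
if ($submitted > APP_MAX_FILES) {
    echo "reject: too many files for this endpoint\n"; // respond 4xx, process nothing
} else {
    echo "accept\n";
}
```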

Other fixes add missing sanity checks around EXIF (exchangeable image file format) processing, while Rasmus Lerdorf himself fixed a safe_mode bypass in tempnam(). An open_basedir bypass in posix_mkfifo() was also repaired, along with the failing safe_mode_include_dir. See the CHANGELOG for more details.

Read Marc Plotz's full review of the PHP 5.3.1 release at WDVL.


Tags: PHP, PHP 5, security, denial of service, Namespaces



