[Novalug] shortened was: php vuln. web pages

John Franklin franklin@elfie.org
Sat May 19 23:33:21 EDT 2012


Oh, are you an iOS developer, too?  :)

jf

On May 19, 2012, at 11:30 PM, Bonnie Dalzell wrote:

> On Fri, 18 May 2012, John Franklin wrote:
> 
>> 5.2.x is still in common use, mostly because 5.3 broke a lot of code.
> 
> that makes sense in relation to what my IHP tech desk told me.
> 
> it is frustrating to me that "advances" in computer languages often seem to result in making older creations obsolete for no reason obvious to me except to increase the complexity of the program or web page or whatever.
> 
> for me an example is the attempt to replace using tables for organizing things on a web page with css.
> 
> i still cannot make a reliable dog pedigree in css for example. trying to format css so an image can be used behind text to form "buttons" seems to be almost impossible yet I can use a table with the image displayed in a cell that also contains the text and do it reliably, etc.
> 
> but then what do primates do, primates keep busy...
> 
> 
>> 
>> jf
>> 
>> On May 18, 2012, at 21:06, "Jay Hart" <jhart@kevla.org> wrote:
>> 
>>>> On Thu, 17 May 2012, How7 wrote:
>>>> 
>>>>> On 5/17/2012 4:21 PM, Bonnie Dalzell wrote:
>>>>>> the only place i found unwanted code was in index.html, main.html,
>>>>>> home.html and in index.php
>>>>> 
>>>>> Has your IHP upgraded to PHP 5.4.3 or 5.3.13 ?
>>>>> <?php
>>>>> phpinfo();
>>>>> ?>
>>>>> 
>>>>> If not why not?
>>>> 
>>>> 
>>>> when I asked the IHP tech desk this is what they told me:
>>>> 
>>>> There are different PHP families, in the shared environment, 5.2.x is the
>>>> most recent family before some traditional PHP functionality is disabled.
>>>> 
>>> 
>>> Bonnie,
>>> 
>>> I can't comment on the validity of the above statement.  BISLBSTM
>>> 
>>> I figured I would show a timeline for various php releases for comparison.
>>> 
>>> php 5.2.0 - released Nov 2006
>>> 
>>> php 5.3.0 - released Jun 2009
>>> 
>>> php 5.2.13 - released Feb 2010
>>> 
>>> php 5.4.0 - released Mar 2012
>>> 
>>> So assuming you are on the high side of the 5.2.x series, you are at least 2
>>> years out of date.  I'd ask why?  And find out what else they are out of date
>>> on?   I would assume that with the overlap of 5.2 and 5.3 series (as shown
>>> above), they could have moved at least to 5.3.0 without any issues.
>>> 
>>> Fellow PHPers, am I right?
>>> 
>>> Jay
>>> 
>>> 
>>>> 
>>>>> 
>>>>> If so they must be getting changed from the inside?
>>>>> Perhaps they have slipped something into another script which does the
>>>>> insert
>>>>> every time they hit that page.
>>>>> 
>>>>> Do you have clean backup files that you could
>>>>> - compare file size to?
>>>>> - compare with diff?
>>>>> 
>>>>> Do server access logs show query strings?
>>>>> 
>>>> 
>>>> what format would i look for to recognize a query string?
>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>                       Bonnie Dalzell, MA
>>>> mail:PO box 9767 Baldwin, MD, USA 21013  |  EMAIL:bdalzell@qis.net
>>>> shipping address:5100 Hydes Rd 21082 (Hydes Post Office closed Jan 2012)
>>>> Freelance anatomist, vertebrate paleontologist, writer, illustrator, dog
>>>> breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com.
>>>> HOME www.batw.net    ART bdalzellart.batw.net  BUSINESS
>>>> www.boardingatwedge.com
>>>> 
>>>> _______________________________________________
>>>> Novalug mailing list
>>>> Novalug@calypso.tux.org
>>>> http://calypso.tux.org/mailman/listinfo/novalug
>>>> 
>>> 
>>> 
>> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                       Bonnie Dalzell, MA
> mail:PO box 9767 Baldwin, MD, USA 21013  |  EMAIL:bdalzell@qis.net
> shipping address:5100 Hydes Rd 21082 (Hydes Post Office closed Jan 2012)
> Freelance anatomist, vertebrate paleontologist, writer, illustrator, dog
> breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com.
> HOME www.batw.net    ART bdalzellart.batw.net  BUSINESS www.boardingatwedge.com
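
On the question quoted above about what a query string looks like in server access logs, here is an added example that is not part of the original thread. It assumes Apache/NCSA common or combined log format (the thread does not say which server or format the host uses), and the sample lines, addresses and parameter names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed: Apache/NCSA common or combined log format (not stated in the thread).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
192.0.2.10 - - [17/May/2012:16:02:11 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [17/May/2012:16:02:15 -0400] "GET /index.php?page=pedigree&id=42 HTTP/1.1" 200 7312 "-" "Mozilla/5.0"
198.51.100.7 - - [17/May/2012:16:05:40 -0400] "GET /index.php?page=contact%20form HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [17/May/2012:16:05:59 -0400] "POST /index.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
this line is not a log entry
"""

def requests_with_query(log_text):
    """Return one dict per logged request whose URL has a query string (the text after '?')."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-log line
        parts = urlsplit(m.group("target"))
        if not parts.query:
            continue  # no '?': plain page fetch, or a POST whose data is in the unlogged body
        hits.append({
            "host": m.group("host"),
            "time": m.group("time"),
            "method": m.group("method"),
            "path": parts.path,
            "query": parts.query,  # raw, exactly as logged
            "params": parse_qsl(parts.query, keep_blank_values=True),  # percent-decoded pairs
        })
    return hits

def parameter_names_by_path(hits):
    """Map each script path to the sorted parameter names seen for it."""
    names = {}
    for h in hits:
        names.setdefault(h["path"], set()).update(k for k, _ in h["params"])
    return {p: sorted(n) for p, n in names.items()}

if __name__ == "__main__":
    for h in requests_with_query(SAMPLE_LOG):
        print(h["time"], h["host"], h["method"], h["path"], "?" + h["query"])
```

Parameter names that the site's own pages never use are the entries worth reading first when reviewing the output.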



