> Hey all
>
> Just a thought / question.
>
> Lately in my Logwatch emails, I have been seeing attempts like this:
>
> Forums/admin_styles.phpadmin_styles.php?p ... cho%20YYY;echo|: 1 Time(s)
> /admin_styles.phpadmin_styles.php?phpbb_ro ... cho%20YYY;echo|: 1 Time(s)
> /articles/mambo/index2.php?_REQUEST[option ... cho%20YYY;echo|: 1 Time(s)
> /blog/xmlrpc.php: 1 Time(s)
> /blog/xmlsrv/xmlrpc.php: 1 Time(s)
> /blogs/xmlsrv/xmlrpc.php: 1 Time(s)
> /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 2 Time(s)
> /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
> /drupal/xmlrpc.php: 1 Time(s)
> /forum/admin_styles.phpadmin_styles.php?ph ... cho%20YYY;echo|: 1 Time(s)
> /index.php?option=com_content&do_pdf=1&id= ... cho%20YYY;echo|: 2 Time(s)
> /index2.php?option=com_content&do_pdf=1&id ... cho%20YYY;echo|: 2 Time(s)
> /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 2 Time(s)
> /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 1 Time(s)
> /modules/coppermine/themes/default/theme.p ... cho%20YYY;echo|: 1 Time(s)
> /phpgroupware/xmlrpc.php: 1 Time(s)
> /wordpress/xmlrpc.php: 1 Time(s)
> /xmlrpc.php: 2 Time(s)
> /xmlrpc/xmlrpc.php: 1 Time(s)
> /xmlsrv/xmlrpc.php: 1 Time(s)
>
> A short while ago I was seeing Horde attempts.
>
> So my question is, is Squirrel Mail built / designed / coded with security
> in mind? Because the number of PHP exploits is shocking and sure PHP has
> lost some market share / respect on this.

You are confusing PHP scripts and the PHP interpreter. Sloppy PHP script programming does not make the PHP interpreter insecure.

SquirrelMail 1.4.x versions are pretty stable and reviewed. It is possible that some errors exist, but we can fix them. Most SquirrelMail scripts require authentication, and you can't script a single worm that abuses the same issue in all SquirrelMail installs. In 1.5.1 and 1.4.7cvs we added code that reduces the number of issues in register_globals setups. Database backends use sanitizing functions to secure SQL queries. htmlfilter issues can be introduced only if people discover some parser bug in browsers.

--
Tomas