Comments on: How to Prevent your own Facebook-Style PHP Leak http://www.bookmarkbliss.com/programming/how-to-prevent-your-own-facebook-style-php-leak/ Weekly Business Bookmarks for Internet Entrepreneurs Fri, 25 Jul 2008 05:03:46 +0000 http://wordpress.org/?v=2.2.2 By: Jonathan Street http://www.bookmarkbliss.com/programming/how-to-prevent-your-own-facebook-style-php-leak/#comment-3368 Jonathan Street Mon, 13 Aug 2007 10:38:21 +0000 http://www.bookmarkbliss.com/programming/how-to-prevent-your-own-facebook-style-php-leak/#comment-3368 I don't know if you follow planet-php but some of the blogs syndicated there were coming out quite vehemently opposed to Nik's article. On first reading it Nik seemed to be talking sense but I also feel some of the criticisms are justified - though could have been phrased more diplomatically. I think the key criticisms centered around two key points. Firstly, and this is a mistake you make here, Facebook said it was a misconfiguration. It wasn't a bug. Secondly, if someone is going to mess up installing one module (mod_php) is installing additional modules and/or custom rules correctly going to be likely. The first point I agree with completely but the second one I'm not so convinced by. If you have a checklist and two of the points on there are specifically to prevent misconfigurations you're going to catch more mistakes than if you didn't. The only point I plan to use is moving code out of the web accessible folders. The way I code at the moment makes this really simple and I can't see any reason not to do this. The two posts I've seen: http://www.phpcult.com/blog/12/in-response-to-learning-from-facebook-preventing-php-leakage/ http://killersoft.com/randomstrings/2007/08/12/php-did-not-cause-facebook-code-leakage/ I don’t know if you follow planet-php but some of the blogs syndicated there were coming out quite vehemently opposed to Nik’s article.

On first reading it Nik seemed to be talking sense but I also feel some of the criticisms are justified - though could have been phrased more diplomatically.

I think the key criticisms centered around two key points. Firstly, and this is a mistake you make here, Facebook said it was a misconfiguration. It wasn’t a bug.

Secondly, if someone is going to mess up installing one module (mod_php) is installing additional modules and/or custom rules correctly going to be likely.

The first point I agree with completely but the second one I’m not so convinced by. If you have a checklist and two of the points on there are specifically to prevent misconfigurations you’re going to catch more mistakes than if you didn’t.

The only point I plan to use is moving code out of the web accessible folders. The way I code at the moment makes this really simple and I can’t see any reason not to do this.

The two posts I’ve seen:
http://www.phpcult.com/blog/12/in-response-to-learning-from-facebook-preventing-php-leakage/
http://killersoft.com/randomstrings/2007/08/12/php-did-not-cause-facebook-code-leakage/

]]>