[thelist] RE: PHP 'proof of concept' virus developed

Walter Lee Davis waltd at wdstudio.com
Tue Jan 9 17:51:26 CST 2001


I'm not going to agree that most personalization is written in PHP, but it
is a very popular and rapidly-growing server-side platform for development
of dynamic content web sites and web applications.

I've not heard of this virus, either, but I'm suspicious of it immediately,
since PHP is only going to be running on a server, nowhere else, and viruses
are something you run across in user-space. If someone wants to crack my
web server, there are far better and easier ways than uploading some
malicious PHP code and then somehow getting my web server to execute it
(I'm not sure why they would want to do this, since they'd already have to
be root to do so and my machine's gone anyway in that case).

At its simplest, a hypertext preprocessor is a program that runs on the web
server, either as a plug-in to the web server or as a traditional CGI. It
parses web pages requested from the server for embedded commands like
database lookups or business logic decisions and executes them before the
finished page is sent to the browser as plain HTML. PHP is similar in rough
concept to JSP, ASP, Cold Fusion, and quite a few other three-letter
acronym technologies. Proponents of it (myself included) will bore you
stupid with performance claims and its inherent "Microsoft-free open-source
purity". It's a great, easy-to-learn programming environment, and I can't
recommend it highly enough.

Why not download a copy and try it out? It's free, after all -- there are
great how-to books available, too. And you cannot beat the user support
network.

Walter

>Message: 9
>Date: Tue, 09 Jan 2001 12:24:21 -0800
>To: thelist at lists.evolt.org
>From: Erika Meyer <meyer at up.edu>
>Subject: Re: [thelist] RE: PHP 'proof of concept' virus developed
>Reply-To: thelist at lists.evolt.org
>
>At 02:34 PM 1/9/01 -0800, you wrote:
>>Obviously written by a) a representative of PHP,
>
>yeah, those dang PHP representatives.
>
>>2) a technical author who
>>knows buzzwords and what the interviewee tells them, and nothing more
>
>probably.
>
>>iii) a complete idiot.  Most likely b)
>
>agreed.
>
>***
>
>I'm curious as to what the meaning of all this is.  Is this virus somehow
>different than a virus created in another scripting language?  I don't
>really understand why it's called a "hypertext" virus, or what a "hypertext
>preprocessor" is for that matter.
>
>It's of interest to me, because I am wanting to learn more about PHP... but
>I want to make sure this kind of thing doesn't start to scare users away
>from PHP-enabled sites.  You know how people were (and some still are)
>freaky about JavaScript (I still can't figure out why people were afraid of
>JavaScript...)
>
>Erika





