[KLUG Members] Re: great site to "get together" in

[Adam Williams]

>Ok.. the ruffled feather are out.. ideas are in  LOL  

Exactly!

>But in one of  the
>responses I saw posted concerned PHP Nuke.  Well, that one left me a bit
>bewildered.  Is there an issue with security at a site with PHP?  

There are issues specific to PHP,  as well as ones that generally arise
from web scripting.  The post indicated that some versions of php-nuke
suffer from some of the latter.

>I'm not
>even sure what the whole thread meant, but that one left me scratching my
>head. *S*

Security issues can be a bit bewildering.

>I have seen the PHP mentioned in the address at the www.p-two.net website
>when I went into the forums.  But, I never have paid much attention before
>to what the address shows at the address bar.  I'm a bit of a neophile about
>that one. *S*

p-two.net uses the PHP-Nuke package, an application written in the PHP
scripting language.  It is actually a pretty common package.  As with
many such packages still their youth people are discovering flaws in the
implementation that can be exploited for nefarious purposes.  Developers
often want to get-something-going so they short cut a thing here or
there.  The post also seemed to indicate that php-nuke developers were
responding to these exploits,  so they will be fixed (one assumes). 
Many "seasoned" admins are a bit wary of packages that receive exploit
reports, and avoid them until there has been some 'period of silence'
concerning such things.  Nothing is meant in regards to the
functionality of the application,  just they they (or me, as a
sys-admin) don't want to spend alot of time patching code or getting
ulcers from concern that another exploit might be just around the
corner.