Security #4

Closed
Immortalin opened this issue Jun 29, 2018 · 1 comment

Comments

@Immortalin

Does this automatically prevent any of PHP's infamous security issues?

@chr15m
Owner

chr15m commented Jul 1, 2018

No, I don't think so.

  • A functional coding style and minimising mutation etc. will lead to fewer defects, yes, but;

  • The make-a-LISP code is a big PHP blob at the top of every script produced by frock, and I don't think it was written with security in mind - it's an educational exercise.

  • All that fresh PHP code is more likely to increase the attack surface of a given script rather than reduce it.

  • As stated in the README this really is a hack at the moment and has not been audited for security.

That said, if you're using this to experiment, or for privately hosted firewalled code or whatever, it's probably fine. "Barely functional" is how I would describe this codebase rather than "secure". :)

I would very much welcome security audits & patches to fix bugs of course, and I'm sure the upstream mal project would find that useful too!

@chr15m chr15m closed this as completed Jul 2, 2018