News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Facebook PHP Source Leaked
August 13, 2007 @ 07:56:00

As many people noted in the past few days, there was a code leak over on Facebook.com. Some of the PHP code that runs the website was exposed as plain text to viewers. Unfortunately, several people are blaming PHP as the source of the issue including Nik Cubrilovic, a writer for TechCrunch:

I just posted on TC about the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file.

Of course, the PHP community is speaking back to the allegations including Clay Loveless in a new blog entry on his site:

I agree with Cubrilovic that the inadvertent delivery of source code instead of the result of that source code is certainly a horrific situation, with potentially serious ramifications for any company that experiences such a problem on a large scale basis. [...] Unfortunately, the updates appended to the article imply that PHP is somehow responsible for this leakage.

He supports some of the issues (a server misconfiguration could cause odd behavior) but refutes others (the "known issue" of PHP pushing out source code under high load).

0 comments voice your opinion now!
facebook source leak server misconfigure facebook source leak server misconfigure


blog comments powered by Disqus

Similar Posts

PHPBuilder.com: Validating PHP User Sessions

The Hacker Webzine: Two PHP Reconnaissance Vectors

Community News: New York PHP Conference 2006 Slides Posted

Kevin Schroeder's Blog: Your favorite PHP sites (based off of Facebook responses)

Evert Pot's Blog: PHP serializer in userland code


Community Events











Don't see your event here?
Let us know!


overview application release opinion install package hhvm facebook security code hack language introduction symfony2 component podcast framework support composer unittest

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework