by jnbiche
4371 days ago
> There is nothing special about PHP that makes this insecure

He didn't say it was because of PHP, he said it was because of HTTP (i.e., because it's not over SSL).

> the exact same attack you describe could be done when you are downloading a Windows installer executable from a browser and double clicking it

Exactly, which is why people who are security-conscious never simply execute a Windows installer downloaded from the browser (or wget, for that matter). At a minimum, one checks the file hashes. Ideally, one confirms that the executable has been properly signed and not tampered with (by right-clicking the file, clicking 'properties' and looking at the 'signature' tab, or else manually checking if it's been GPG signed).
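The hash check and signature check described in the comment above, scripted in PowerShell as an added example that is not part of the original post. The function name, its parameters and the usage values are assumptions made for illustration; `Get-FileHash` and `Get-AuthenticodeSignature` are the built-in cmdlets.

```powershell
# Added example. $Path, $ExpectedSha256 and $ExpectedSigner are caller-supplied
# (assumed) values; the expected hash must come from a channel other than the
# one the installer was downloaded over (e.g. the vendor's HTTPS page).
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSigner   # optional substring of the signer's subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # 1. Hash check: detects any modification in transit, but only if the
    #    reference value itself was obtained over a trusted channel.
    $actual   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    $hashOk   = ($actual -eq $expected)

    # 2. Authenticode check: 'Valid' means the signature matches the file
    #    contents and chains to a root this machine trusts. 'NotSigned',
    #    'HashMismatch', 'NotTrusted' etc. all fail.
    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)

    # 3. A valid signature from an unexpected publisher is still a failure.
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = (-not $ExpectedSigner) -or
                ($subject.IndexOf($ExpectedSigner, [System.StringComparison]::OrdinalIgnoreCase) -ge 0)

    [pscustomobject]@{
        Path        = $Path
        Sha256      = $actual
        HashMatches = $hashOk
        Signature   = $sig.Status
        Signer      = $subject
        SafeToRun   = ($hashOk -and $sigOk -and $signerOk)
    }
}

# Usage with placeholder values (constructed, not real):
# $r = Test-DownloadedInstaller -Path .\setup.exe -ExpectedSha256 '<hash from vendor HTTPS page>' -ExpectedSigner 'Example Corp'
# if (-not $r.SafeToRun) { Write-Error "Verification failed: $($r | Out-String)" }
```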