Quote from: raven92 on July 24, 2012, 12:36 pmLuis, PHP is by far one of the most exploited languages out there.Yep.Quote from: raven92 on July 24, 2012, 12:36 pmIt's not that PHP by itself is inherently insecure but most developers copy & paste insecure code because PHP offers you 100 ways to do the same thing, and 99 out of 100 of them are begging to be exploited.The history of the Mambo/Joomla is a fine example of that. The joke about that one was that it was a security hole large enough to drive a truck through with a CMS wrapped around it.Quote from: raven92 on July 24, 2012, 12:36 pmMultiple people including myself have begged SR staff to shut off error reporting, its the most handy tool you can provide a hacker, in fact its how most exploit gets their information back, through error reporting. It's a shame to see that it apparently is still on for public viewing. Ideally you don't have any exploits at all, but making the hacker work with the same "error occurred" message makes their job a lot tougher and sometimes even impossible to be useful. I agree, that would be a great help. Ideally I should've just received a plain 404 error from what I did and not something which told me how to find the framework SR uses.Quote from: raven92 on July 24, 2012, 12:36 pmSome links discussing securing a PHP applicaiton.http://net.tutsplus.com/tutorials/php/5-helpful-tips-for-creating-secure-php-applications/https://learn.iis.net/page.aspx/744/secure-php-with-configuration-settings/Thanks, they both look useful.