Boon Kiat Seah
66,664 Points
Heartbleed Bug - What can a developer do about it
Hi moderators,
I was notified of a technical vulnerability in OpenSSL that exists in Ubuntu and Apache that will allow backdoor access to all user IDs and passwords without any back trace. This information was gotten from the ifttt.com newsletter sent today.
The vulnerability was code-named the Heartbleed bug.
More information can be found here regarding the Heartbleed bug:
As a starting and new PHP developer, I am using MAMP and working on the Mac. I believe my web application will also have this vulnerability.
Unfortunately, I find that it is too technical for me to understand what this vulnerability is about. But I learnt from the website that, as Apache powers 66% of websites online, we will be affected in some way.
As a PHP developer, what can I do about it to protect my web application and users?
Regards,
Boon Kiat
2 Answers
Howard Slatter
8,049 Points
I'm no expert, but the problem was patched before the story broke. Maybe forcing users to change passwords regularly would be prudent, as you can't predict these things.
I don't think you could have done anything about it in your PHP, though I could be wrong.
James Barnett
39,199 Points
What can you do about it?
Whose job is it to install the OS, update the packages, set up the webserver (and HTTPS certs), email (and IMAPS & SMTPS certs)?
If it's your responsibility, you probably need to call in some outside help in this case.
If not, talk to the people whose job that is.