Gordon Henderson wrote:
I still think it's sloppy coding on behalf of the web weenies out there, rather than anything inherently wrong with php.
I use PHP a fair bit, though I'd not describe myself as a fan. There's a good deal I don't like about it.

However, whilst PHP has had some utter howlers of security issues and was very poorly designed from the point of view of security, I think one of the reasons it gets so much bad press is that it is very popular because it's fairly easy to learn and therefore many people who aren't good at writing code likely to be secure tend to use it. Those two things make it worthwhile (for some people) spending time on looking for potential security vulnerabilities in both the PHP implementation itself and in code written using it.

This does result in a goodly number of loons banging on about how insecure it is and how <their language of choice> is much better when in fact there are only three users of said language in the world and almost no applications written using it, so no-one shows any real interest in testing how secure it might be. Thinking back over the last fifteen to twenty years, I've seen similar things happen with so many other applications that it's tediously predictable.

Yes, PHP is shockingly badly designed and makes it far too easy to point a gun at your foot and blow your leg off from the gonads down, but before people start slating it as being far worse from a security point of view than any other possible language, I think a bit more careful review of the actual evidence and what conclusions can validly be drawn from it is required, not to mention defining what "more secure" really means.

James

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html