James Fidell wrote:
This is what I call the Microsoft effect - tell everyone computing is easy and they'll all want to try it. And if they don't learn the basics first then they fall at every hurdle everyone else fell at before. I hated history at school but it is true that those who don't learn from history repeat it. Programming combined with PC isms (don't use the goto, you don't wanna do it like that) and other personal whims leads to, believe it or not, almost complete stagnation in coding over the last 20 years or so. The old rules have been torn up - and they're gradually being re-written..

Gordon Henderson wrote:

I still think it's sloppy coding on behalf of the web weenies out there, rather than anything inherently wrong with PHP.

I use PHP a fair bit, though I'd not describe myself as a fan. There's a good deal I don't like about it. However, whilst PHP has had some utter howlers of security issues and was very poorly designed from the point of view of security, I think one of the reasons it gets so much bad press is that it is very popular because it's fairly easy to learn and therefore many people who aren't good at writing code likely to be secure tend to use it. Those two things make it worthwhile (for some people) spending time on looking for potential security vulnerabilities in both the PHP implementation itself and in code written using it.

This does result in a goodly number of loons banging on about how insecure it is and how <their language of choice> is much better when in fact there are only three users of said language in the world and almost no applications written using it, so no-one shows any real interest in testing how secure it might be. Thinking back over the last fifteen to twenty years I've seen similar things happen with so many other applications that it's tediously predictable.

Yes, PHP is shockingly badly designed and makes it far too easy to point a gun at your foot and blow your leg off from the gonads down, but before people start slating it as being far worse from a security point of view than any other possible language, I think a bit more careful review of the actual evidence and what conclusions can validly be drawn from it is required, not to mention defining what "more secure" really means.

James

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html