Programming/Scripting Resource

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Jan 11 15:06:34 UTC 2007


On Thu, Jan 11, 2007 at 11:08:52AM -0500, John Macdonald wrote:
> (Disclaimer: I have never used PHP.)
> 
> I recently read an article (but I didn't keep track of where
> it was, I'm afraid) about PHP security problems.  It said that
> the prime developers of PHP considered security to be far less
> important than simplicity of use - to the extent of not fixing
> insecure-as-installed issues (that's rejecting offered bug
> fixes, not just refusing to spend the effort to find a problem)
> but instead assuming that people who care about security will
> intuit the issues and work to avoid them while keeping the
> language "easy" for others.
> 
> Hence, I would expect any PHP script, or any PHP programmer,
> to be likely to be providing security problems, and would
> expect learning PHP to not be providing a sufficient
> grounding in safe programming.

I like PHP.  Nice, easy-to-use web programming language.  However,
security really has been a disaster for it.  For example, an article from
today:

http://www.theregister.co.uk/2007/01/11/php_apps_security/

Rather scary.  Easy to use and not secure by design means people who
don't understand security issues will still be able to make programs
that they believe are working just fine.  Bad idea.

--
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists