Programming/Scripting Resource

John Van Ostrand john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Thu Jan 11 15:34:43 UTC 2007


On Thu, 2007-01-11 at 10:06 -0500, Lennart Sorensen wrote:
> I like php.  Nice easy to use web programming language.  However
> security really has been a disaster for it.  For example an article from
> today:

> http://www.theregister.co.uk/2007/01/11/php_apps_security/
> 
> Rather scary.  Easy to use and not secure by design, means people who
> don't understand security issues will still be able to make programs
> that they believe are working just fine.  Bad idea.

I don't think PHP is the problem. Its popularity combined with sloppy
coding is the cause of the large number of exploits. The article even
states this. Perhaps one can say that sloppy web coders choose PHP.

It would be nice if a language made it easy to program more securely.

Take one of the common exploits, SQL code injection. A programmer
displays an HTML form, accepts data from it and uses that data in an SQL
statement without checking.

Aside from Perl (with non-default settings), what language helps to
force the user to clean the data first?


-- 
John Van Ostrand                       Net Direct Inc.
CTO, co-CEO                   564 Weber St. N. Unit 12
                                  Waterloo, ON N2L 5C6
john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org                     ph: 518-883-1172 x5102
Linux Solutions / IBM Hardware        fx: 519-883-8533

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
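An added example, not part of John's message or the thread, that shows the two halves of his point in Python with sqlite3: the concatenated query leaks every row when given crafted form input, while a small Perl-style taint guard (an assumption of this example, not a language feature) makes that unsafe path fail loudly, and an allowlist check followed by a bound parameter handles the same value safely. The table contents and the crafted input are constructed for the demonstration.

```python
import re
import sqlite3

class Tainted(str):
    """Raw form value; splicing it into a string raises. Modelled on Perl taint mode (assumption)."""
    def _refuse(self, *_):
        raise ValueError("tainted form data used to build SQL text")
    __add__ = __radd__ = __str__ = __format__ = __mod__ = _refuse

def untaint(value, pattern=r"[A-Za-z0-9_]{1,32}"):
    """Return a plain str only if the whole value matches the allowlist."""
    if re.fullmatch(pattern, value) is None:
        raise ValueError("form value rejected by allowlist")
    return str.__str__(value)   # exact str copy, no longer Tainted

def seed_db():
    conn = sqlite3.connect(":memory:")   # constructed sample table
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_unsafe(conn, name):
    # Form value concatenated into the SQL text: the pattern the post describes.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    # Allowlist check, then a bound parameter: the value never becomes SQL text.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (untaint(name),))]

def outcome(fn, *args):
    """Result of the lookup, or the exception class name if it refused."""
    try:
        return fn(*args)
    except ValueError as exc:
        return type(exc).__name__

def demo():
    conn = seed_db()
    crafted = "x' OR '1'='1"   # constructed input containing SQL metacharacters
    return {
        "unsafe_honest": outcome(lookup_unsafe, conn, "bob"),
        "unsafe_crafted": outcome(lookup_unsafe, conn, crafted),          # every row leaks
        "unsafe_tainted": outcome(lookup_unsafe, conn, Tainted("bob")),   # guard refuses
        "safe_honest": outcome(lookup_safe, conn, Tainted("bob")),
        "safe_crafted": outcome(lookup_safe, conn, Tainted(crafted)),     # allowlist rejects
    }
```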