On Wednesday 4 July 2007 06:28, Charlie wrote:
> "Especially for such **insert curse words here** languages like php".
>
> Why do you feel that php is a **insert curse words here** language?
>
> If PHP is such a **insert curse words here** language, then why does Debian
> allow apps such as roundcube and gallery2, to mention a few, into the
> repos?
>
> Which language would you recommend using and why do you recommend it?
I think Bernd has used unfortunate words to express that in his opinion, it's easier in PHP to create security bugs in your code. I only agree to that to a limited extent. The most important problem, register_globals, has been resolved (Debian tells users not to use that setting or be on their own). However, it is true that it's easy to start coding in PHP, so there's a higher level of inexperienced programmers. It's also true that web applications in general are more vulnerable to bugs, but this is not PHP-specific. A traditional language like C also has its own classes of security problems.

You should be careful with any package you upload to Debian, and specifically web applications. I do not recommend other languages than PHP that are supposedly 'better', because the security of the app depends so much more on the programmers than on the actual language used. You could say that the easiness of PHP selects in favour of less experienced programmers, so an audit can be worthwhile.

It helps no-one to be cursing at specific languages and I don't see the added value of that to this list.

Thijs
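The register_globals problem Thijs refers to is worth seeing concretely. The script below is an added illustration, not code from this thread or from any Debian package: it shows the class of bug that setting made easy (an uninitialised flag silently populated from the request) next to the explicit form that does not depend on php.ini. Because register_globals was removed in PHP 5.4, the script emulates the setting with extract() on the request array; the sample request and session are constructed inline so it runs from the command line.

```php
<?php
// Added illustration (not from the mailing-list thread). Assumed scenario:
// a page that decides whether the current user is an admin, plus a "page"
// parameter selecting what to render.

// Constructed sample request, as if the query string were ?is_admin=1&page=home,
// and a constructed session for a non-admin user.
$_GET = ['is_admin' => '1', 'page' => 'home'];
$_SESSION = ['user' => ['name' => 'alice', 'role' => 'editor']];

// --- Fragile form (register_globals = On, or an equivalent extract()) -------
// Emulation of register_globals: every request parameter becomes a variable
// in the global scope. extract() on user input recreates the same problem on
// modern PHP, which is why it belongs on the audit checklist too.
extract($_GET, EXTR_SKIP); // EXTR_SKIP only protects names that already exist

if ($_SESSION['user']['role'] === 'admin') {
    $is_admin = true;      // the only place the author meant to set the flag
}
// $is_admin was never initialised, so the request parameter supplied it:
$fragile_result = !empty($is_admin);   // true, although the user is an editor

// --- Hardened form: initialise every flag, read input only via superglobals --
function is_admin_user(array $session): bool
{
    $isAdmin = false;      // explicit default; nothing from the request can preset it
    if (isset($session['user']['role']) && $session['user']['role'] === 'admin') {
        $isAdmin = true;
    }
    return $isAdmin;
}

function requested_page(array $get): string
{
    // Whitelist the pages this script serves and fall back to a safe default.
    $allowed = ['home', 'profile', 'help'];
    $page = $get['page'] ?? 'home';
    return in_array($page, $allowed, true) ? $page : 'home';
}

$hardened_result = is_admin_user($_SESSION);   // false
$page = requested_page($_GET);                 // 'home'

printf("fragile guard says admin: %s\n", $fragile_result ? 'yes' : 'no');
printf("hardened guard says admin: %s\n", $hardened_result ? 'yes' : 'no');
printf("page: %s\n", $page);
```

On an interpreter old enough to still have the setting, the configuration side of the fix is `register_globals = Off` in php.ini; the code side, which is what an audit should check for regardless of the interpreter version, is that every variable used in a security decision is assigned an explicit default before any branch can set it, and that request data is read only through `$_GET`, `$_POST` or `$_COOKIE` and validated against what the page actually expects.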