On Wednesday 4 July 2007 06:28, Charlie wrote:
> "Especially for such **insert curse words here** languages like php".
>
> Why do you feel that php is a **insert curse words here** language?
>
> If PHP is such a **insert curse words here** language, then why does Debian
> allow apps such as roundcube and gallery2, to mention a few, into the
> repos?
>
> Which language would you recommend using and why do you recommend it?

I think Bernd has used unfortunate words to express that in his opinion, it's 
easier in PHP to create security bugs in your code.

I only agree with that to a limited extent. The most important problem, 
register_globals, has been resolved (Debian tells users not to use that setting or be 
on their own). However, it is true that it's easy to start coding in PHP so 
there's a higher level of inexperienced programmers. It's also true that web 
applications in general are more vulnerable to bugs, but this is not 
PHP-specific.

A traditional language like C also has its own classes of security problems.

You should be careful with any package you upload to Debian, and specifically 
web applications. I do not recommend other languages than PHP that are 
supposedly 'better', because the security of the app depends so much more on 
the programmers than on the actual language used.

You could say that the ease of PHP selects in favour of less experienced 
programmers, so an audit can be worthwhile.

It helps no-one to be cursing at specific languages and I don't see the added 
value of that to this list.


Thijs

Attachment: pgpKGBfe66l1i.pgp
Description: PGP signature
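The register_globals problem Thijs refers to above, shown as an added example that is not part of the mailing-list thread. Because register_globals was removed in PHP 5.4, the legacy behaviour is simulated here with a hypothetical helper (simulateRegisterGlobals) that copies a constructed request into the global scope; checkCredentials, vulnerableIsAuthorized and hardenedIsAuthorized are likewise invented for the illustration. The vulnerable function relies on a variable that is only assigned on success, which is exactly what register_globals let an attacker pre-populate; the hardened form initialises it first and never treats a bare variable as request data.

```php
<?php
// Added example (not from the thread): how register_globals turned an
// uninitialised variable into an authorisation bypass, beside the fix.
// register_globals was removed in PHP 5.4, so the old engine behaviour is
// simulated below with extract-like copying into $GLOBALS.

declare(strict_types=1);

// Constructed sample request: an anonymous visitor who guessed the variable
// name. It stands in for a URL such as script.php?authorized=1&page=admin.
$constructedRequest = ['authorized' => '1', 'page' => 'admin'];

// Hypothetical helper simulating register_globals=On: every request parameter
// becomes a global variable. On PHP < 5.4 the engine did this by itself.
function simulateRegisterGlobals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Stand-in for a real credential check. It always fails in this demo, so any
// "authorized" outcome must have come from the request, not from a login.
function checkCredentials(): bool
{
    return false;
}

// Vulnerable: $authorized is assigned only on success. With register_globals
// the attacker's ?authorized=1 has already created the variable, so the final
// test sees a truthy value and grants access.
function vulnerableIsAuthorized(): bool
{
    global $authorized;                 // picks up whatever the request injected
    if (checkCredentials()) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened: the flag gets an explicit default before use, and request data is
// only ever read from the superglobals ($_GET, $_POST), never as a bare name.
function hardenedIsAuthorized(): bool
{
    $authorized = false;                // explicit default closes the gap
    if (checkCredentials()) {
        $authorized = true;
    }
    return $authorized;
}

simulateRegisterGlobals($constructedRequest);

printf("vulnerable: %s\n", vulnerableIsAuthorized() ? 'ACCESS GRANTED' : 'denied');
printf("hardened:   %s\n", hardenedIsAuthorized() ? 'ACCESS GRANTED' : 'denied');
```

Run it with the php CLI: the vulnerable path prints ACCESS GRANTED while the hardened one prints denied, even though no credentials were ever accepted. On the PHP versions this 2007 thread concerns, the configuration-side fix was register_globals = Off in php.ini (the Debian default); the code-side fix, which works regardless of the setting, is the initialise-before-use pattern shown in hardenedIsAuthorized.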