On Mon, Jul 16, 2012 at 02:06:04PM -0400, Ben Mendis wrote:
> And Dan Kaminsky and Jeremiah Grossman are not the only two security
> guys who have come to this conclusion.
>
> Sure, PHP isn't my favorite language... but blaming bad code on PHP, and
> assuming that changing the language is a panacea for security, is pretty
> silly. I've seen bad code in nearly every language I've ever
> encountered. Even in the Haskell world you can find examples of bad,
> insecure code. PHP isn't inherently impossible to secure, most of the
> vulnerabilities people find in the PHP webapps are things that could
> affect webapps written in _any_ language, not something inherent to the
> PHP platform.

Nevertheless the greatest offender remains PHP. Whether poor programmers choose a poor tool doesn't really matter. The result is that for me personally any world-facing PHP is a major liability. It takes an overproportional amount of care to keep these secure.

_______________________________________________
Freedombox-discuss mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
