Al Baker writes: > This thread's pretty much pointless - I recommend you read up on web > security in general.
I understand web security. When I found out that somebody was breaking into my system, I knew *exactly* how they were doing it: through PHP. I turned out to be correct. PHP's reputation for making it easy to write insecure code is deserved. Not only that, but people who are working on PHP seem bound and determined to preserve that reputation. What shocked me was not that I was right, but instead that I had two instances of the very same vulnerability, written by two different programmers (strangers to each other), and it was the security lapse that you first find when you google for "php security flaw". And you're trying to tell me that PHP's 'include' doesn't have a problem?? If you want to convince me that you're right, first you're going to have to present me with different facts. -- --My blog is at blog.russnelson.com | If you want to find Crynwr sells support for free software | PGPok | injustice in economic 521 Pleasant Valley Rd. | +1 315-323-1241 | affairs, look for the Potsdam, NY 13676-3213 | | hand of a legislator. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
