Anybody considering using any application written in PHP should
consider Marc Espie's opinion about the PHP language (
http://marc.theaimsgroup.com/?l=openbsd-misc&m=114664070319490&w=2 )
----- quote ---------

I'm not the maintainer of php itself, but still I have an opinion.

I don't like php, from a security point of view.
It has an AWFUL track record. Some people will tell you it has
seen lots of vulnerabilities because it's in heavy use. Well,
I've had a look at the code, it has seen lots of vulnerabilities
because it was never designed with security in mind.

That said, we provide php because some people may want it. I personally
would NOT want to run that on any kind of web server (in fact, I use
perl's HTML::Mason as the same kind of framework).

I can give you a simple answer though.

Yes, php* is vulnerable.

Doesn't matter whether you're talking about this vulnerability, or another.
There will be another one lurking around the corner.

Fixing vulnerabilities in the php code is like sticking a finger in a dike.
Great legendary stuff, doesn't really work in reality.
------------------ end quote -----------
