Stut wrote: >>> Ask random people in the IT world what they think about PHP. >>> I bet you'll hear lots of FUD about it being insecure. Why is it >>> insecure? >> >> 1) it's (mostly) interpreted >> 2) it's type-weak > > There is nothing inherently insecure contained within either of those > features. Whatever language you're developing a web app in, from C to > C#, you will always get all variables you're passed from the user as > strings. Proper validation is always a requirement. > > As for being interpreted I fail to see how that's a security risk so > long as you adequately lock down your servers, something that applies > regardless of the language you're using.
It's perhaps also a matter of opinion, but IMHO a type-weak and interpreted language is far more prone to errors that could become security risks than a type-strong, compiled language. The latter can do a lot of checking at compile time - none of them will make it inherently more secure, but an inexperienced programmer will be less likely to make mistakes with serious consequence for security. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
