** Lee Tambiah <[EMAIL PROTECTED]> [2007-05-31 17:15]: > > > >** Simon Elliott <[EMAIL PROTECTED]> [2007-05-30 23:08]: > >I also avoid aptitude (or equivalent) installs of web applications > >because they tend to lag behind in terms of patches which I like to keep > >bang up to date with - personal opinion though :) > > > >-- > >Paul Tansom > > > I'd second that! But lets not put FUD into PHP, it is secure providing it > has been programmed to be secure! Providing you keep upto date you shouldn't > have any major security exploits. I run a wordpress blog which is php based, > and never had any security issues. But I believe my hosters have a lot a > good set up to prevent exploits. > > Lee ** end quote [Lee Tambiah]
Not intending to FUD anyone there, I'm hoping I managed to stick to facts, although your quoted section misses the main PHP comment. PHP I do keep maintained via aptitude, but an application such as PHPBB, Joomla, Squirrelmail or etc. (PHPBB being the only one I've run on the server) I tend to go straight to source with for both flexibility and speed of updates. I am no PHP programmer, largely due to lack of time and need to use it, but also I wasn't too keen on the way it jumbled up within the HTML of a web page (although this is partly the personal choice of the programmer of the code I looked at way back when). I've read many comments on design choices within PHP being inherently insecure, but then I've also read comments detailing that these are only insecure when combined with particular programming styles - so where the blame lies is open to much debate :) My comment was based on one incident on a fully patched installation of PHP and PHPBB on a Debian stable server (I think only the last part was missing from my original), as I commented. The rest of my personal dislike was directed at PHPBB, and again is personal opinion - based on far too much time spent clearing out unwanted users and posts. If someone can suggest a could selection of mods and an easy way of maintaining them across updates I may try it again - it is popular enough, so it can't be that bad can it - hmm, could that be said of Windows ;) -- Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ ==================================================================== Aptanet Ltd. | Registered in England | Company No: 4905028 Registered Office: Crawford House, Hambledon Road, Denmead, Waterlooville, Hants., PO7 6NU -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
