Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

PHP security More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

Uh Oh (Score:2)

by Ovid (2709) on 2006.12.11 7:02 (#52199) Homepage Journal

I have to admit that I'm very curious as to the backstory here. I hope that it's not a simple matter of core PHP people just not being overly concerned about security. It could be something akin to the MS situation where MS is in the terrible position of having to ensure that patches work on hundreds, if not thousands, of configurations (different hardware, different OSs, different patch levels, different software installed, etc.) Somehow, though, I suspect the worst :(

Reply to This
- Re: (Score:2)
  
  by rafael (2125)
  
  Reading more articles in this blog reveals what the main concern of the author -- that the PHP community tends to blame applications written in PHP for the poor security, but usually rejects critics on the language and its implementation.
  As somebody having some experience of language design, I can see three kinds of problems. The first one, also the simplest, is applications written with no clue about security. For example, a web form to send email, where the recipient is coded into an hidden input field --
- Re: (Score:1)
  
  by chromatic (983)
  
  Don't discount personality conflicts either. As with any technical community, there are some people who don't mix very well. (You can usually remove the word "technically" from the previous sentence.)

Get More Comments

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.