[ale] PHP Security (wuz: OT: Why Big Sites Run Drupal)

Leam Hall leamhall at gmail.com
Sun May 6 10:23:21 EDT 2012


That would be said of operating systems and other languages as well, so 
pointing out that PHP is like everything else leaves me confused.

There is a separation between the tool and the usages of the tool. PHP 
has been plagued with a long list of malformed usages. Is it worse than 
any other web tool? Doubtful, as there are few if any real contenders 
for the web space. Java is one, and if you support Java servers you're 
updating 4-6 times a year. None of the other major scripting languages 
are without flaws either so it seems to be a matter of "pick your poison".

The main issue is maintaining that separation between tool and uses of 
the tool. Then you will likely find that PHP is not really any worse, or 
better, than the other tools.

Leam


On 05/05/2012 09:24 PM, Michael Trausch wrote:
> I fail to see how that relates to and/or mitigates the use of an
> interpreter that has a very shaky past, in terms of security. Yes, it is
> possible to shoot yourself in the foot as with C, but that's beside the
> point. Many vulnerabilities published are against PHP or its standard
> library.
>
> Point is, even the safest and most defensive programmers have no hope of
> security if the underlying components aren't themselves secure.
>
> - mike
>
> On May 5, 2012 6:50 PM, "Leam Hall" <leamhall at gmail.com
> <mailto:leamhall at gmail.com>> wrote:
>
>     PHP can be very secure and performant. However, like many good things it
>     is easy to get started and people don't always do the work to get
>     better.
>
>     Leam

