[Freedombox-discuss] PHP is not the problem, security is!

Jonas Smedegaard dr at jones.dk
Mon Jul 16 15:11:19 UTC 2012


Hi Rob,

On 12-07-16 at 02:23pm, Rob van der Hoeven wrote:
> I fully agree that we should try to avoid using PHP, but i also think 
> that this alone does not solve a very basic problem that the 
> FreedomBox community MUST solve.

I like your "also" above - but find your email topic misleading.


> The FreedomBox should isolate programs and their data from each other. 
> This is the only way to minimize the damage from programs that 
> misbehave.

Not the only one: A better way to minimize damage (which I recommend for 
PHP-based services) is to not run the service at all ;-)


> My own Wordpress blog runs safely inside a Virtual Machine and cannot 
> access any data from other programs. PHP is not a problem here.

Safe(r) against full takeover of the box, yes.  But the use of PHP still 
puts your blog content at risk.


 a) Avoid code with bad reputation.
 b) Be sceptical about all code.



 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120716/f17afa1a/attachment.pgp>


More information about the Freedombox-discuss mailing list