[Freedombox-discuss] PHP Alternatives?
Eugen Leitl
eugen at leitl.org
Tue Jul 17 07:46:02 UTC 2012
On Mon, Jul 16, 2012 at 02:06:04PM -0400, Ben Mendis wrote:
> And Dan Kaminsky and Jeremiah Grossman are not the only two security
> guys who have come to this conclusion.
>
> Sure, PHP isn't my favorite language... but blaming bad code on PHP, and
> assuming that changing the language is a panacea for security, is pretty
> silly. I've seen bad code in nearly every language I've ever
> encountered. Even in the Haskell world you can find examples of bad,
> insecure code. PHP isn't inheirently impossible to secure, most of the
> vulnerabilities people find in the PHP webapps are things that could
> affect webapps written in _any_ language, not something inheirent to the
> PHP platform.
Nevertheless the greatest offender remains PHP. Whether poor programmers
choose a poor tool it doesn't really matter. The result is that for me
personally any world-facing PHP is a major liability. It takes overproportional
amount of care to keep these secure.
More information about the Freedombox-discuss
mailing list