Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
This one time, at band camp, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
> 3. Staying on top of new PHP vulnerabilities has become impossible,
> popping around everywhere.
What vulnerabilities in PHP?
Are implying the fault is within the language itself?
This is akin to saying C has vulnerabilites because some script kiddie
wrote a poor application.
>
> 4. Determining how secure a PHP application is, looking at the code and
> for how silly past vulnerabilities were (i.e. looking at the coder
> rather than the code) is now more important than the actual application.
As with all web based technologies, security should be the foundation of the
application
> Much like their self criticism said, PHP needs to grow to a far more
> secure language, much like we need to chose more carefully what PHP
> software we use.
Which self critism is this?
>
> Some of us have been joking for a while about creating a script to
> choose from different paragraph we create, and email bugtraq
> re-assembling the randomly with a new PHP bug and a random PHP
> application name every few hours. Would any of us be able to readily
> tell the difference?
Perhaps we can do the same for linux kernel problems and blame it on C?
Kind regards
Kevin
--
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."