<<< Date Index >>>     <<< Thread Index >>>

Re: PHP security (or the lack thereof)



> Do you not think stuff like this should be pointed out to the public so
that
> when selecting a web host they know that one who supports PHP may be
putting
> them at extreme risk compared to one who is a bit more security conscious?

Well then we better start having web hosting companies who support ASP,
Perl, CGI etc. be pointed out to the public so that when selecting a web
host they know that they might be being put into an extreme risk situation.



It's not the language, it's the programmer. If a programmer, no matter what
the language might be, programs insecure and improperly then it comes down
to the programmer to learn do proper coding and security of the application
be it for the web or for a desktop based program. Improper coding in an ASP
or Perl scripts can cause just as much trouble as improper coding in a PHP
script.