Re: PHP security (or the lack thereof)

To: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP security (or the lack thereof)
From: john mullee <jmullee@xxxxxxxxx>
Date: Thu, 22 Jun 2006 13:15:12 +0100 (BST)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=2tEetW/xnE7JhBxJ6W7vTiEXh+if2is5eXzV/zcdt3KdNXxaTWGut+lZ6ybyZM0kVxf2vvKNuMGEDeP9YnbLXr/gBdRlkCXBLqD3Z+ycAJUbLuLY0m+HVv/5vRZbvix6wkJeSyI3woKU9B1+fnOkqzrmi+hydXZRyJROZQ5cmpI= ;
In-reply-to: <200606161121.k5GBLuLK002378@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: jmullee@xxxxxxxxx

--- Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx> wrote:
> From my own mail archives, PHP appears to make up at least 4%
> of the email to bugtraq I see - or over 1000 issues since 1995,
> out of the 25,000 I have saved.
> 
> People complain about applications like sendmail...in the same
> period, it has been resopnsible for less than 200.
> 
> Do we have a new contender for worst security offender ever
> written ?

I guess most of the remaining offending apps were written in C: as much as 96% 
?!!
(including basically all of microsoft's stuff!!)

Surely the least secure language of all time !!!

Note also that no vulnerable apps were written in:
 - cobol, rpg3, prolog, ada, scheme, lisp, pl/1, occam, modula-2, or MIX

We're planning to roll out our next enterprise ecommerce grid as a set of
modula-2 plugins to cobol-based container controlled by a dynamic gridded
application matrix written in prolog, all running on highly parallel
lisp machines.

;)

john

___________________________________________________________ 
All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease 
of use." - PC Magazine 
http://uk.docs.yahoo.com/nowyoucan.html

Follow-Ups:
- Re: PHP security (or the lack thereof)
  - From: Darren Reed

References:
- PHP security (or the lack thereof)
  - From: Darren Reed

Prev by Date: Re: PHP security (or the lack thereof)
Next by Date: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion
Previous by thread: RE: [lists] Re: PHP security (or the lack thereof)
Next by thread: Re: PHP security (or the lack thereof)
Index(es):
- Date
- Thread