<<< Date Index >>>     <<< Thread Index >>>

Re: PHP security (or the lack thereof)



Salut,

On Sun, 2006-06-25 at 08:42 +1000, Darren Reed wrote:
> There have barely a *handful* of JRE/JVM security problems.

I know for the fact that there are quite some though. Also, what should
one think about a company that didn't manage to fix a simple path
traversal vulnerability in their jar(1) utility in almost a year? The
same goes for the serialization DoS.

I really like Sun Fire servers, but I can't agree that Java is the
bug-free issue-free big white horse. Especially not if you need a couple
of hundreds of megabytes of RAM just to run java -version...

As to useable Java applications: there are such nice things like Tomcat,
the Java web server. The funniest thing about it is that it starts up so
unbelievably slowly, and while everyone tells you that the JIT business
is going to optimize the slowness away in just a day or two, it needs a
restart every 20 hours or it will stop responding. Maybe this is the
-fomit-instructions optimization the Gentoo people are so fond of?

The same goes for my java.core collection. I keep it right next to my
bash.core and cc1.core files.

So, by "free of issues", are you talking about a Java implementation
from a parallel universe?

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard@xxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part