<<< Date Index >>>     <<< Thread Index >>>

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]



This one time, at band camp, Chad Maron <chad@xxxxxxxxxxxxxxx> wrote:


> As far as I'm concerned, PHP is one of the better languages out there it's 
> just that lazy and incompetent pseudo-developers get their hands on tutorial 
> code and copy-paste it into oblivion.


agreed, however PHP core Developers will often overlook the PHP communities 
cries for security tools to implement secure practises.
The filter extension goes a long way to addressing this, but still we see issues
such as deprecated extensions like the Mimetype Functions that leave a gaping 
hole
in validation of file types without installing extra's from PECL (FileInfo) 
which is
not always available to the person, particularly in a shared hosting 
environment.

-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."