Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Kevin Waterson <kevin@xxxxxxxxxxx>
Date: Tue, 2 Jan 2007 14:45:27 +1100
In-reply-to: <8bfaf55819b7f5aede62cf61e191c0be@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Oceania
References: <8bfaf55819b7f5aede62cf61e191c0be@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

This one time, at band camp, Chad Maron <chad@xxxxxxxxxxxxxxx> wrote:

> As far as I'm concerned, PHP is one of the better languages out there it's 
> just that lazy and incompetent pseudo-developers get their hands on tutorial 
> code and copy-paste it into oblivion.

agreed, however PHP core Developers will often overlook the PHP communities 
cries for security tools to implement secure practises.
The filter extension goes a long way to addressing this, but still we see issues
such as deprecated extensions like the Mimetype Functions that leave a gaping 
hole
in validation of file types without installing extra's from PECL (FileInfo) 
which is
not always available to the person, particularly in a shared hosting 
environment.

-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."

References:
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Chad Maron

Prev by Date: lblog Remote Password Disclosure
Next by Date: Openforum Remote password Disclosure
Previous by thread: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Next by thread: Dailymotion password reset vulnerability
Index(es):
- Date
- Thread