On Wednesday, 23.02.2005, at 21:18 +0100, Murray Cumming wrote:
> On Wed, 2005-02-23 at 21:14 +0100, Murray Cumming wrote:
>> Do bear in mind that I know nothing about competing systems. I'm just
>> trying phpwebnotes because someone gave me a patch to use it.
>
> I also forgot to ask whether anyone here can judge whether this is
> secure php, because I so often hear that php code is not secure. Would
> you allow this on the gnome servers?

It would be wrong to say that all php code is not secure. php is just like every other language: if you know how to use it properly, it is possible to write good and secure code. Unfortunately php is not only used by the people who really know how to code it, but also by many people who learned the basics with trial and error or online tutorials, which often make use of insecure ways to achieve something or are just not up to date (e.g. wrt register_globals). I think that this is the main reason causing insecure code and php's bad reputation.

I had a first glance at phpwebnotes' CVS and scanned through it, looking for potentially dangerous functions like unsafe system calls, possible SQL injections and so on. I would not attest its security on oath, but I was not able to find a misuse of php's possibilities while scanning its source. Although most of its files were modified 2 years ago, and the latest commit was 8 months ago, I think it would be fine to use it after further, more in-depth checking since it is also used at php.net without big problems.

Regards,

-- Hendrik
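
Added illustration, not part of the original message and not the check its author actually ran: a minimal Python first-pass triage for the kinds of patterns the reply mentions (shell-execution calls, SQL built from interpolated variables, and code that re-creates register_globals behaviour). The rule set, the `scan_php` name and the PHP sample are constructed assumptions; hits are candidates for manual review, not confirmed flaws.

```python
import re

# Calls whose single-variable argument is treated as neutralised (assumed list).
SANITISED = re.compile(
    r"\b(?:intval|mysql_real_escape_string|escapeshellarg)\s*\(\s*\$\w+\s*\)")

# Heuristic review rules (assumed, not exhaustive): name -> pattern.
RULES = [
    # Shell-execution function called with a PHP variable in its arguments.
    ("shell-exec", re.compile(
        r"\b(?:system|exec|passthru|shell_exec|popen|proc_open)\s*\([^)]*\$")),
    # SQL query call whose argument text still contains a raw variable.
    ("sql-interpolation", re.compile(r"\bmysql_query\s*\([^;]*\$")),
    # Request data imported into local scope, re-creating register_globals.
    ("register-globals-emulation", re.compile(
        r"\b(?:import_request_variables\s*\("
        r"|extract\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b)")),
]

def scan_php(source, filename="<constructed>"):
    """Return (filename, line number, rule name) for each line needing review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.strip().startswith(("//", "#", "*", "/*")):
            continue  # skip whole-line comments
        candidate = SANITISED.sub("SAFE", line)  # hide sanitised arguments
        for name, pattern in RULES:
            if pattern.search(candidate):
                findings.append((filename, lineno, name))
    return findings

# Constructed PHP sample, not taken from phpwebnotes.
SAMPLE = r'''<?php
// mysql_query("SELECT * FROM notes WHERE id = $id");  (commented out)
extract($_REQUEST);
$res = mysql_query("SELECT * FROM notes WHERE page = '$page'");
$ok  = mysql_query("SELECT * FROM notes WHERE id = " . intval($id));
system("convert " . escapeshellarg($file) . " out.png");
system("convert $file out.png");
$n = curl_exec($ch);
'''

if __name__ == "__main__":
    for fn, lineno, rule in scan_php(SAMPLE, "sample.php"):
        print(f"{fn}:{lineno}: {rule}")
```

Lines 5 and 6 of the sample stay quiet because the variable is wrapped in `intval()` or `escapeshellarg()`; a query assembled in a variable elsewhere and then passed to `mysql_query($sql)` is still flagged and needs a human to trace it.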
