On Thu, Jan 11, 2007 at 12:05:45PM -0500, Ilia Alshanetsky wrote:
> 
> On 11-Jan-07, at 9:41 AM, Alain Williams wrote:
> 
> >This has just appeared:
> >
> >     http://www.theregister.co.uk/2007/01/11/php_apps_security/
> 
> Of the many people who use PHP, not many have a strong programming
> background and even fewer experience with security. They use PHP
> because it makes it easy to solve problems, especially in a web  
> environment. When you consider this it is hardly surprising that many  
> people write bad and/or insecure code. While PHP does try to make  
> things better, and occasionally has bugs in the language core you  
> need to realize that PHP is a programming language. As such if you  
> really want to shoot yourself in the foot you can, just as you can do  
> with C/C++/Perl/Python/etc...

I think that everyone would agree with that.

The discussion is how PHP can help them to discover problems in their
scripts. This is what led to Wietse Venema's suggestion about tainting
a few weeks ago. These may be things that members of this forum do not
feel that they need, but the ''quality'' of the majority of PHP
programmers is such that they would be of benefit.

To an extent it is an accolade to PHP that novice/... programmers can
use it to create applications; it just puts a greater burden on us to do
what we can to protect them from their own problems.

-- 
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
