On Sun, May 15, 2005 at 05:36:12PM +1200, Steve Holdoway wrote:
> Now that doesn't include those brought on by poor scripting, of which
> there are plenty ( like phpBB only a couple of months ago ). But
> pointing the finger at the programming language in these cases is rather
> unfair.

there is the rub. because php is so easy to insert into html, people use it without learning to properly code first. they just copy pieces of code that they do not understand themselves and make them work.

php thus encourages bad coding (register_globals?) and there is so much bad code out there that it is hard to find the few good pieces of which yours might be one.

as a service provider where you need to allow users to run their own php code, you can not point to a particular piece as being insecure, because you don't know what the users are running. hence you end up lumping them all together into "php is a security nightmare"

i don't deny that there surely is good php code out there, and there is certainly also bad code in other languages. but the signal/noise ratio for php is just worse than other languages so i tend to stay away from it.

the track record of php apps makes code reuse very hard and creates extra work for me.

perl has its own problems. both were not designed to create large applications.

leaves python and pike of which i prefer pike for the reason i gave among others (even though i very much like the syntax of python as it encourages writing good code)

greetings, martin.
--
cooperative communication with sTeam - caudium, pike, roxen and unix
offering: programming, training and administration - anywhere in the world
--
pike programmer travelling and working in europe open-steam.org
unix system- bahai.or.at iaeste.(tuwien.ac|or).at
administrator (caudium|gotpike).org is.schon.org
Martin Bähr http://www.iaeste.or.at/~mbaehr/
