Bastien Koert wrote:
php is not the only language susceptible to x-browser attacks... seems unfair to single it out.

Why not? Its the only I've seen that actually has hackability built in! (see below) So it singles itself out, thats the whole point :)

And as previously pointed out, many times it the developer's fault for writing that insecure code

Yes developer does cross-site scripting suseptable code = developer's fault

* but if a script has *only* this as its content:

 <? phpinfo(); ?>

And *that* script has cross-site vulnerabilities is the programmer at fault for writing bad code?

No, he's at fault for using PHP

I rest my case ;)

The only solution is to upgrade the binary.

That SUCKS big time!

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to