PHP is in contention for an XML/RPC server/client system for the configuration panel of IPCop (http://ipcop.org), a stand-alone firewall project running on stock hardware with a stripped-down RedHat Linux.
This project is a fork from the more infamous SmoothWall, without the, ahem, project manager's unique personal skills... :-)

The current criteria are:

#1 Security (duh)
#2 Size (small footprint) for RAM and boot floppy distro usage.
#3 Speed (reasonable performance is required)

I know PHP "wins" on #2 and is on par on #3.

A bone of contention is, obviously, the security reputation of PHP. The team is willing to concede that bad installation accounts for most of the problems, but they are still concerned about buffer overflow attacks.

I'd love to hear that there are no known buffer overflow attacks in PHP core (the Zend Engine) nor in the XML/RPC extension, and both have undergone a close-scrutiny code audit by security-experienced personnel, preferably somebody with a verifiable reputation in security.

I'd be happy to hear that virtually all of the past buffer overflow attacks occurred in third-party extensions, and the XML/RPC extensions have been largely immune.

I'd be content to find out that PHP is just not the right choice...

There is no problem with running 4.2.0 if that is required to be secure.