> >> A warning for those PHP developers and app maintainers who aren't on
> >> the security mailing lists:
>
> Does PHP stand for Pretty Heavy Problems?
>
> Programming Has Problems....
>
> Any sufficiently dumbed down, easy to implement, solution creates an
> inversely equal level of problems in actual use. In this case, the PHP
> "session" development was initially implemented (IIRC) as a way for
> coding newbies to slap together a very simple way of maintaining state
> on an inherently stateless medium (http), with expected levels of poor
> performance, scalability, and security.
Frequently in security people like to assert that usability and security are a simple trade-off. In some specific instances this is true, but in most cases it's simply false, IMHO. There is often a solution, with the right design, to provide the same level of usability with better security. I'm not trying to put words in your mouth, but you seemed to touch on that assertion.

tim

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
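The design point Tim raises, that the same usability can come with better security, can be shown concretely with the PHP sessions the earlier message complains about. The snippet below is an added example and is not code from either poster; the helper names `start_hardened_session` and `on_login` are hypothetical, and the 15-minute rotation interval is an assumed policy. Every `session.*` directive and cookie option used is a real PHP setting (the array form of `session_set_cookie_params` needs PHP 7.3 or later). From the application's point of view it is still one call, exactly like a bare `session_start()`, but the session can no longer be fixated via a caller-chosen ID or leaked through URLs, and the cookie is kept out of script reach and off plain HTTP.

```php
<?php
// Added example, not from the thread. A one-call session bootstrap with
// safer defaults than a bare session_start(). Helper names are hypothetical;
// the ini directives and cookie options are real PHP settings.

function start_hardened_session(): void
{
    // Refuse session IDs the server never issued: defends against fixation,
    // where an attacker plants a known ID before the victim logs in.
    ini_set('session.use_strict_mode', '1');
    // Carry the ID only in the cookie, never rewritten into URLs
    // (URL-borne IDs leak through Referer headers, logs and bookmarks).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params([
        'lifetime' => 0,        // cookie lives only as long as the browser session
        'path'     => '/',
        'secure'   => $isHttps, // when served over HTTPS, never send it in clear
        'httponly' => true,     // hidden from document.cookie, limiting XSS impact
        'samesite' => 'Lax',    // not attached to most cross-site requests
    ]);

    session_start();

    // Rotate the ID periodically (assumed policy: every 15 minutes) so a
    // leaked ID has a short useful life. true = discard the old session file.
    $now = time();
    $last = $_SESSION['_rotated_at'] ?? 0;
    if ($now - $last > 900) {
        session_regenerate_id(true);
        $_SESSION['_rotated_at'] = $now;
    }
}

// Call on any privilege change (e.g. after a successful login) so the
// pre-login ID, which may have been observed, is never the authenticated one.
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['_rotated_at'] = time();
}

start_hardened_session();
```

The usability cost to the developer is nil (one bootstrap call, one call at login); the remaining settings are server-side policy rather than per-page work, which is the kind of "right design" the reply has in mind.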
