Alright, I agree with where you are coming from. PHP does contribute to poor coding practices, as well as truly sad security ideas.

On 05/26/2010 04:08 PM, Stuart Jansen wrote:
> On Wed, 2010-05-26 at 15:43 -0600, Steven Alligood wrote:
>> OK, the first part (not leaving car keys with your car) I agree with
>> from a security standpoint.  The part about the tailpipe is just
>> plain ridiculous.
>
> The statements
>
> "I like storing database connection info in *.php files so that it is
> executed to make it harder to gain access to it."
>
> and
>
> "I prefer to put the down the tailpipe because you can get it hot
> enough to burn anyone who tries to steal the car."
>
> are proportionally ridiculous.
>
> Likewise, each problem's solution is related. Don't leave your keys with
> your car and don't leave your configs in your document root.
>
>> If someone wants to add security to their website, don't mock because
>> php is not more secure, and possibly less so than an xml file, but
>> educate them about it.
>
> Nah. I'm pretty sure it would have been a waste of my time. The comment
> reeks of blindly repeated superstition. So long as that's the author's
> modus operandi, anything I say risks being repeated or rejected equally
> blindly.
>
> More than any other F/OSS technology, PHP and its community have a proven
> track record of poorly designing solutions and, upon discovering a flaw
> in the original design, engineering completely ineffective "fixes". So
> long as the author continues to blindly repeat arguments he's heard from
> the PHP world, he should expect to be ridiculed.
>
> I'm just doing a cameo appearance as the hammer in this episode.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/