----- Original Message -----
From: "vh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 9:28 AM
Subject: Re: Ten least secure programs
> Sunday, June 29, 2003, 2:08:38 AM, you wrote:
>
> CB> I'm putting together a list of what seem to be the ten least secure computer
> CB> items in use today with the idea of having a set of things to recommend
> CB> AGAINST people using, probably to be posted on the IT room door with a note
>
> CB> 6) PHP
>
> What is the point of placing PHP here?
> I always thought that PHP is rather secure, at least more secure
> than others. So, what should I use instead?
> I'd like to hear opinions whether such things like ASP, JSP or Perl
> are preferable to PHP...
>
> Any comments?

PHP isn't the worst thing, it's just less robust and secure than other
interfaces and languages. PHP has problems with security issues and bugs
with both the CGI and module interfaces, whereas Perl, C, C++, etc. do not.
I don't recommend ASP, and I don't like JSP (personally), but I don't think
you should stop using PHP. As mentioned previously, it's mostly an issue
with coding (as is a problem in *any* language) that poses security issues,
though some of the bugs or issues in the interface/language function(s)
itself can be an issue still--especially if the script is coded to allow
those exploits in PHP to be exploited.

--
Regards,
Tim Greer [EMAIL PROTECTED]
Server administration, security, programming, consulting.