> So in this context I wanted to know what experienced
> programmers thought about PHP vs Perl as far as security is.
> My thoughts so far having reached lesson 5 in the PHP
> tutorial and noticing that the latest PHP 4.0.3 release has
> some security patches is:
>
> Pro PHP / Con Perl:
> * PHP often seems easier than Perl in its syntax for many
> common web/database queries.
> * Variables from forms are automatically available to the
> script they call out without parsing them.
> (can this be abused/used by crackers?)
> * lots of people seem to be using PHP and it seems very
> "in".
> * There are classes available for PHP so you can do object
> orientated programming.
Perl's module CGI offers most form parsing as well as quick
functions for most (all) HTML components and some JavaScript.
Also having form commands available as variables isn't such
a great it IMO. Best to just load them into an array of some
sort (hash in Perl's case).
> Con PHP/Pro Perl:
> * Perl is older and more stable than PHP so may have less
> opportunity for buffer overruns and other security holes.
Perl is also a language in and of itself. I can write GTK apps
for example, even just CLI stuff.
I usually use this to update stuff on my pages that doesn't need
to be out of the database every time, news for example. Event
driven, but events outside the web environment.
I don't think PHP can do this =)
> * Perl is more stable so current apps written with Perl
> 5.004 will run for ages whereas a PHP 4 app might not run
> when PHP 5.0 comes out say next year.
> * Much of your code in PHP seems to be sent to the user when
> the form is requested as its embedded in the HTML so the
> user could look at this and possibly glean info that may
> help them in cracking. In Perl one would tend to generate
> the HTML and just send it (unless it were embedded Perl
> which one can do).
>
> There are prob lots of things that I haven't considered but
> generally given that this must be a reasonably secure
> database does this dictate Perl over PHP or not? Is it more
> a function of how the programmer implements the code?
Implementation will always make or break. You can make anything
full of holes if you want. That's a problem with hosting CGI =)
Perl's outside ability can also be viewed as a con in this respect.
However you can use both, and if you're offering hosting, I don't
see why you wouldn't offer both.
An idea would be to put the database on a separate machine
from the web server. This IMO would tighten things up a little.
Dean
> Mike
> --
> --------------------------------------------------------------------
> Michael Lake
> University of Technology, Sydney
> Email: mailto:[EMAIL PROTECTED] Ph: 02 9514 1724 Fx: 02
> 9514 1628
> URL: http://www.science.uts.edu.au/~michael-lake/
> Linux enthusiast, active caver and interested in anything
> technical.
> --------------------------------------------------------------------
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
--
BONG: http://www.bong.com.au
ICQ: 16867613
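An added example, not from either poster, of the approach Dean describes: form fields read into a hash through Perl's CGI module and checked against an allowlist, rather than arriving as pre-set script variables (the PHP behaviour Mike asks about). It assumes CGI.pm is installed (it is no longer bundled with Perl since 5.22); the request string and the field names are constructed for illustration.

```perl
# Form fields loaded into a hash via CGI.pm and checked against an allowlist
# (added example; not code from the thread).
use strict;
use warnings;
use CGI;

# Constructed request for an offline run; a real script would call
# CGI->new with no arguments and read QUERY_STRING / STDIN instead.
my $q = CGI->new('title=Caving+news&body=Hello+all&admin=1');

# Only fields the form actually defines are accepted, each with a pattern.
# Anything else in the request (here admin=1) is ignored, so a variable
# the script never initialised cannot be pre-set by the client.
my %allowed = (
    title => qr/^[\w\s.,'-]{1,80}$/,
    body  => qr/^[\w\s.,'!?-]{1,2000}$/s,
);

# Copy CGI parameters into a hash, keeping only validated, known keys.
sub parse_form {
    my ($cgi, $rules) = @_;
    my (%form, @errors);
    for my $field (sort keys %$rules) {
        my $value = $cgi->param($field);
        if (!defined $value) {
            push @errors, "missing $field";
        } elsif ($value !~ $rules->{$field}) {
            push @errors, "bad $field";
        } else {
            $form{$field} = $value;
        }
    }
    return (\%form, \@errors);
}

my ($form, $errors) = parse_form($q, \%allowed);
if (@$errors) {
    print $q->header('text/plain'), "Rejected: @$errors\n";
    exit;
}
# Values reach the database only through DBI placeholders, never by being
# pasted into the SQL string (connection details here are placeholders).
# use DBI;
# my $dbh = DBI->connect('dbi:mysql:news;host=DB_HOST', $user, $pass);
# $dbh->do('INSERT INTO news (title, body) VALUES (?, ?)',
#          undef, $form->{title}, $form->{body});
my @extra = grep { !exists $allowed{$_} } $q->param;
print $q->header('text/plain'),
      "Accepted title '$form->{title}'; ignored fields: @extra\n";
```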