Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
On Tue, 24 Dec 2013 17:08:48 +0100
Raffaele Morelli <raffaele.morelli@gmail.com> wrote:
> 2013/12/24 Reco <recoverym4n@gmail.com>
>
> >
> >
> > > > That's one way of doin' it. Now, to rely on poorly-implemented
> > > > 'security' features of PHP - that's something really not worth doing.
> > >
> > >
> > > That's absolutely you point of view, a wise and skilled developer does
> > > everything safe, a poor minded simply does not.
> >
> > Sadly, 'wise and skilled' label cannot be applied to a majority of
> > developers writing something in PHP. Or any Web developer for that
> > matter. Of course, you might be an exception.
> >
>
> IMHO your claim is a little bit conceited, it sounds like a self-styled web
> developer "guru" talking to his ego.
Have I offended you somehow? Why this personal attack?
Still, the only thing that I know about PHP is one should stay clear of
it unless necessary. And even in the last case, one should avoid using
PHP for any purpose.
This opinion comes from:
http://www.debian.org/security/
http://seclists.org/bugtraq/
http://seclists.org/fulldisclosure/
And last, but not least:
http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
PS I'm not a developer. I'm that guy they call to clean up the mess
that developers wrote.
Reco
Reply to: