[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] PHP Alternatives?

On Mon, Jul 16, 2012 at 02:06:04PM -0400, Ben Mendis wrote:

> And Dan Kaminsky and Jeremiah Grossman are not the only two security
> guys who have come to this conclusion.
>
> Sure, PHP isn't my favorite language... but blaming bad code on PHP, and
> assuming that changing the language is a panacea for security, is pretty
> silly. I've seen bad code in nearly every language I've ever
> encountered. Even in the Haskell world you can find examples of bad,
> insecure code. PHP isn't inheirently impossible to secure, most of the
> vulnerabilities people find in the PHP webapps are things that could
> affect webapps written in _any_ language, not something inheirent to the
> PHP platform.

Nevertheless the greatest offender remains PHP. Whether poor programmers
choose a poor tool it doesn't really matter. The result is that for me
personally any world-facing PHP is a major liability. It takes overproportional
amount of care to keep these secure.
Reply to: