Re: non-PHP webmail

To: debian-isp <debian-isp@lists.debian.org>
Subject: Re: non-PHP webmail
From: Seth Mattinen <sethm@rollernet.us>
Date: Sun, 29 Jul 2007 08:45:10 -0700
Message-id: <[🔎] 46ACB606.6010204@rollernet.us>
In-reply-to: <[🔎] 1185723513.8498.7.camel@localhost>
References: <[🔎] 1185685582.21614.0.camel@localhost> <[🔎] 46AC4563.3040603@goirand.fr> <[🔎] 1185723513.8498.7.camel@localhost>

Jim Popovitch wrote:

On Sun, 2007-07-29 at 15:44 +0800, Thomas Goirand wrote:

Jim Popovitch wrote:

Whats a good, non-PHP based, client webmail application for about 50
user accounts?

Thx,

-Jim P.

What's wrong with PHP?


Based on server logs, PHP still seems to be a very highly targeted
attack vector.  Considering that it's impossible for me to have
up-to-date information on every possible security hole out there, it
only seems prudent to avoid utilizing software that others consider such
a highly valued target.  This isn't security by obscurity, it's security
by common sense.

PHP's problems are typically caused by horrible programming practice -such as using variables from user input and assuming PHP will make theinput safe. Based on server logs, Windows still seems to be a veryhighly targeted attack vector too. So why make a comment about PHP likethat?


Sorry to interject this, but that comment smacks of ignorance to me.

~Seth

Reply to:

Follow-Ups:
- Re: non-PHP webmail
  - From: Marcin Owsiany <porridge@debian.org>
- Re: non-PHP webmail
  - From: Jim Popovitch <yahoo@jimpop.com>
- Re: non-PHP webmail
  - From: Roberto C. Sánchez <roberto@connexer.com>

References:
- non-PHP webmail
  - From: Jim Popovitch <yahoo@jimpop.com>
- Re: non-PHP webmail
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: non-PHP webmail
  - From: Jim Popovitch <yahoo@jimpop.com>

Prev by Date: Re: non-PHP webmail
Next by Date: Re: non-PHP webmail
Previous by thread: Re: non-PHP webmail
Next by thread: Re: non-PHP webmail
Index(es):
- Date
- Thread