andrew holway wrote: > On 29/07/07, Roberto C. Sánchez <roberto@connexer.com> wrote: >> On Sun, Jul 29, 2007 at 08:45:10AM -0700, Seth Mattinen wrote: >>> PHP's problems are typically caused by horrible programming practice - >> Except that such horrible programming practice is *promoted* by the >> language and its developers? I mean, register_globals?!?! > > Which, since I think V4 has been default off. It is still used to > great effect on intranets and non web applications. It's not even an option in PHP6. >>> such as using variables from user input and assuming PHP will make the >>> input safe. Based on server logs, Windows still seems to be a very >>> highly targeted attack vector too. So why make a comment about PHP like >>> that? Based on US-CERT reports, C/C++ applications are a very highly targeted attack vector... > I have found php to be bombproof(especially on debian) as long as the > security updates are kept up. I think this is the same for everything > tho. PHP is like a chainsaw. Very useful in the right hands, and very dangerous in the wrong ones #;-D Regards, Austin.
Attachment:
signature.asc
Description: OpenPGP digital signature