
Re: Fixing stupid PHP application design flaws



On Mon, 02 May 2005, Thijs Kinkhorst wrote:
> Your viewpoint requires shell access for webmasters and that creates extra

Why? It is not too difficult to make your PHP scripts use ../include/foo for
their includes, and that is all it takes to get the crap out of the exported
tree.

> dependencies many of the more affordable webhosts do not offer. As many
> good PHP applications show, it's perfectly well possible to meet the
> upload-only requirement in a sane manner.

There is *no* such thing.  good application != functional application, the
requirements are much, much higher.  And at least sane error handling, sane
memory and resource consumption, and above all, sane interfaces to other
systems (ever taken a look at the php4 LDAP module?) are required in my book.

> There are always applications that are dangerous to install, but they
> would of course not adhere to good design practice in the first place.

The real problem is that too many web applications suffer from the most
idiotic, error-prone, dangerous programming practices we know of, and PHP
applications are a huge chunk of those.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
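
The layout described in the reply above, as an added example that is not code from the thread: entry scripts stay in the exported tree and pull their includes from a sibling directory that the web server never maps to a URL. The directory names `htdocs/` and `include/` and the helper `load_include()` are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed layout (names are hypothetical):
//
//   site/
//     htdocs/index.php    <- exported tree (the web server's document root)
//     include/foo.php     <- outside the exported tree, not reachable by URL
//
// This file is site/htdocs/index.php.

// Resolve the include directory from this script's own location rather than
// from the current working directory, so "../include" always means the same
// directory no matter how the script is invoked.
define('INCLUDE_DIR', realpath(__DIR__ . '/../include'));

if (INCLUDE_DIR === false) {
    http_response_code(500);
    exit('include directory is missing');
}

/**
 * Load include/<name>.php. Hypothetical helper: it refuses anything that
 * resolves outside INCLUDE_DIR, so a bad name or a symlink cannot pull in a
 * file from the exported tree or from elsewhere on the host.
 */
function load_include(string $name): void
{
    // Plain names only: no slashes, dots or NUL bytes.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name)) {
        throw new InvalidArgumentException("bad include name: $name");
    }

    $prefix = INCLUDE_DIR . DIRECTORY_SEPARATOR;
    $path   = realpath($prefix . $name . '.php');

    // realpath() returns false for a missing file and follows symlinks, so
    // the prefix comparison is made on the final, canonical location.
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("include not found: $name");
    }

    require_once $path;
}

// Same effect as: require_once __DIR__ . '/../include/foo.php';
load_include('foo');
```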


