Date: Tue, 2 Jan 2007 14:45:27 +1100
From: Kevin Waterson <kevin@oceania.net.>
To: bugtraq@securityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux
malware]
Message-Id: <20070102144527.0898676d.kevin@oceania.net.>
In-Reply-To: <8bfaf55819b7f5aede62cf61e191c0be@roomwithamoose.simianworks.net.>
References: <8bfaf55819b7f5aede62cf61e191c0be@roomwithamoose.simianworks.net.>
Organization: Oceania
X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-vine-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
This one time, at band camp, Chad Maron <chad@simianworks.net.> wrote:
> As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion.
agreed, however PHP core Developers will often overlook the PHP communities
cries for security tools to implement secure practises.
The filter extension goes a long way to addressing this, but still we see issues
such as deprecated extensions like the Mimetype Functions that leave a gaping hole
in validation of file types without installing extra's from PECL (FileInfo) which is
not always available to the person, particularly in a shared hosting environment.
--
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."
