PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PEAR Releases (03.18.2024)

Community News: Latest PEAR Releases (03.11.2024)

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ken Guests' Blog:
Is PHP vulnerable software?

byChris Cornutt Aug 27, 2008 @ 15:28:40

In response to some of the claims made by CNet about the security of PHP, Ken Guest has made a few comments on his blog hoping to correct a few wrongs.

What are featuring in IBMâ€™s top ten of vulnerable that makes the report insinuate that the PHP language is a security risk are Jooma, Wordpress and Drupal. How PHP would feature in a list of "vendors" is beside the point.

He illustrates with an allegory that it's not the tool's fault if it's used improperly. Pointing out software like WordPress and Drupal is not the same as pointing out issues with the language that powers them (no matter how trendy it is). The burden is on the developers to use the power the language offers to create more secure, flexible, stable applications. Does PHP have its share of problems? Sure, but get it right next time CNet - don't blame the tool if the builder's not up to spec.