pure-php.de has a new posting today about an idea to help with the all-around security of PHP scripts everywhere: building an HttpRequest class to act as an interface to all of the HTTP functionality that PHP normally uses, only sanitized.
First of all, PHP is secure, and I am not the only and first one to write it. Many PHP apps have seemed to be insecure in recent times. It has nothing to do with PHP at all. First of all, no other programming language is disposed to the "evils" (sorry ;-)) outside; second, while PHP is so easy to learn, some of the developers had no programming language experience before writing apps in PHP, therefore the security problems of the popular phpBB were a good lesson for the PHP community.
It sounds like an interesting idea in theory, but wouldn't it just be a rewrite of all of the HTTP functionality for PHP? Seems a little silly to me when developers can just take a few extra steps in their code to ensure that they're not accepting direct input from the user or tainted/bad data from any other source...
Thanks to PHP Magazine for the link...
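
A sketch of the wrapper idea discussed above, as an added example that is not pure-php.de's class: only the HttpRequest name comes from the post, while the method names (queryInt, postString), the validation rules and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper: callers never touch $_GET/$_POST directly and must
// state the type and bounds they expect for every value they read.
final class HttpRequest
{
    private array $query;
    private array $post;

    public function __construct(array $query, array $post)
    {
        $this->query = $query;
        $this->post = $post;
    }

    public static function fromGlobals(): self
    {
        return new self($_GET, $_POST);
    }

    // Returns the value as an int inside [$min, $max], or null if it is
    // missing, an array, or not a clean integer.
    public function queryInt(string $name, int $min, int $max): ?int
    {
        return filter_var($this->query[$name] ?? null, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $min, 'max_range' => $max],
            'flags'   => FILTER_NULL_ON_FAILURE,
        ]);
    }

    // Returns the string only if it is a scalar string, within the length
    // limit, and matches the caller's allow-list pattern; otherwise null.
    public function postString(string $name, int $maxLen, string $pattern): ?string
    {
        $raw = $this->post[$name] ?? null;
        if (!is_string($raw) || strlen($raw) > $maxLen || preg_match($pattern, $raw) !== 1) {
            return null;
        }
        return $raw;
    }
}

// Constructed sample input standing in for $_GET and $_POST.
$req = new HttpRequest(
    ['topic_id' => '42', 'page' => '12abc'],                       // clean int, then digits with trailing junk
    ['username' => 'alice_01', 'comment' => ['nested' => 'array']] // clean name, then array where a string is expected
);
var_dump($req->queryInt('topic_id', 1, PHP_INT_MAX));
var_dump($req->queryInt('page', 1, 1000));
var_dump($req->postString('username', 32, '/\A[A-Za-z0-9_]{3,32}\z/'));
var_dump($req->postString('comment', 500, '/\A.*\z/s'));
```

Validation at this layer covers input only; values still need context-specific handling where they are used, such as parameterized queries for SQL and htmlspecialchars() for HTML output.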




