
Terry Chay's Blog:
PHP Security, the Oxymoron
Aug 11, 2005 @ 05:42:30

Chris Shiflett's latest weblog post today links to a piece in which Terry Chay talks about "PHP Security, the oxymoron".

I think that when most people hear "PHP" and "security" used in the same sentence, it seems about as out-of-place as, say, putting "Rasmus" and "Terry" in the same sentence. Basically this thread summarizes how most people view PHP security.

He goes on to list four main points/excuses that people raise about PHP's security, refuting each one:

  • PHP has the worst security history of any language.
  • PHP shoves a mess of shit into the global namespace (or other assorted digs on register globals).
  • PHP doesn’t have the concept of a prepared statement.
  • PHP security cures (magic quotes, safe mode, stripslashes) are sometimes worse than the disease.

Read on for the full story...


