PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PEAR Releases (03.18.2024)

Community News: Latest PEAR Releases (03.11.2024)

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Terry Chay's Blog:
PHP Security, the Oxymoron

byChris Cornutt Aug 11, 2005 @ 10:42:30

Chris Shiflett has a link in his latest weblog post today where Terry Chay talks about "PHP Security, the oxymoron".

I think that when most people hear "PHP" and "security" used in the same sentence, it seems about as out-of-place as, say, putting "Rasmus" and "Terry" in the same sentence. Basically this thread summarizes how most people view PHP security.

He goes on, giving four main points/excuses that people give about PHP's security, and refuting each one:

PHP has the worst security history of any language.
PHP shoves a mess of shit into the global namespace (or other assorted digs on register globals).
PHP doesnâ€™t have the concept of a prepared statement.
PHP security cures (magic quotes, safe mode, stripslashes) are sometimes worse than the disease.

Read on for the full story...

tagged:

Link: