News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Chris Shiflett's Blog:
PHP Insecurity
January 24, 2006 @ 06:34:00

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

0 comments voice your opinion now!
insecurity security strong criticism against too much power insecurity security strong criticism against too much power


blog comments powered by Disqus

Similar Posts

PHP.net: PHP 5.3.27 Released - PHP 5.3 Reaching End of Life

Christopher Kunz\'s Blog: How to increase PEAR security (and give admins a fuzzy feeling)

Secunia.com: Red Hat Update for PHP

Chris Shiflett\'s Blog: Essential PHP Security - Forms and URLs

Pádraic Brady: PHP Security: Taking PHP Security Seriously By Taking It Seriously


Community Events

Don't see your event here?
Let us know!


laravel language opinion conference development voicesoftheelephpant library wordpress interview extension unittest laravel5 series framework introduction middleware podcast community release api

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework