Ed Finkler, not normally a big fan of the WordPress PHP-based blogging system, has pointed out some positive steps that were made in the latest release in the security arena.

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.

On Byster.net today, there's this new post detailing some benchmarks they've done with some of the functionality in PHP5.

Included in the list of tests were:

• Reading an integer array
• Parsing variable names
• Splitting out text
• working with a random number generator.

For each of the tests, they have a few different methods of doing the same thing and the results (in milliseconds) plotted out in bar graphs. Some of the results are surprising, but most are expected (if you work with optimizing PHP much at all). It's a good amount of coverage of functionality, though - most aspects of everyday programming are here.