Bugtraq mailing list archives

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]


From: Kevin Waterson <kevin () oceania net>
Date: Wed, 22 Feb 2006 21:48:55 +1100

This one time, at band camp, Gadi Evron <ge () linuxbox org> wrote:
 

3. Staying on top of new PHP vulnerabilities has become impossible, 
popping around everywhere.

What vulnerabilities in PHP?
Are you implying the fault is within the language itself?
This is akin to saying C has vulnerabilities because some script kiddie
wrote a poor application.


4. Determining how secure a PHP application is, looking at the code and 
for how silly past vulnerabilities were (i.e. looking at the coder 
rather than the code) is now more important than the actual application.

As with all web-based technologies, security should be the foundation of the application.

Much like their self criticism said, PHP needs to grow to a far more 
secure language, much like we need to choose more carefully what PHP 
software we use.

Which self criticism is this?


Some of us have been joking for a while about creating a script to 
choose from different paragraphs we create, and email bugtraq 
re-assembling them randomly with a new PHP bug and a random PHP 
application name every few hours. Would any of us be able to readily 
tell the difference?

Perhaps we can do the same for linux kernel problems and blame it on C?

Kind regards
Kevin


-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."

