Bugtraq mailing list archives
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Kevin Waterson <kevin () oceania net>
Date: Wed, 22 Feb 2006 21:48:55 +1100
This one time, at band camp, Gadi Evron <ge () linuxbox org> wrote:
> 3. Staying on top of new PHP vulnerabilities has become impossible, popping around everywhere.

What vulnerabilities in PHP? Are you implying the fault is within the language itself? This is akin to saying C has vulnerabilities because some script kiddie wrote a poor application.

> 4. Determining how secure a PHP application is, looking at the code and for how silly past vulnerabilities were (i.e. looking at the coder rather than the code) is now more important than the actual application.

As with all web based technologies, security should be the foundation of the application.

> Much like their self criticism said, PHP needs to grow to a far more secure language, much like we need to choose more carefully what PHP software we use.

Which self criticism is this?

> Some of us have been joking for a while about creating a script to choose from different paragraphs we create, and email bugtraq re-assembling them randomly with a new PHP bug and a random PHP application name every few hours. Would any of us be able to readily tell the difference?

Perhaps we can do the same for linux kernel problems and blame it on C?

Kind regards
Kevin

--
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote."