Bugtraq mailing list archives
Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Kevin Waterson <kevin () oceania net>
Date: Tue, 2 Jan 2007 14:45:27 +1100
This one time, at band camp, Chad Maron <chad () simianworks net> wrote:
As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion.
agreed, however PHP core Developers will often overlook the PHP communities cries for security tools to implement secure practises. The filter extension goes a long way to addressing this, but still we see issues such as deprecated extensions like the Mimetype Functions that leave a gaping hole in validation of file types without installing extra's from PECL (FileInfo) which is not always available to the person, particularly in a shared hosting environment. -- "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote."
Current thread:
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware], (continued)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Darren Reed (Jan 02)
- RE: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Harrison (Jan 04)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Bill Nash (Jan 04)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Ronald Chmara (Jan 04)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Jim Manico (Jan 08)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Dana Hudes (Jan 02)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Lawrence Paul MacIntyre (Jan 04)
- Re: PHP as a secure language? PHP worms? Duncan Simpson (Jan 02)
- RE: PHP as a secure language? PHP worms? Jim Harrison (Jan 02)
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Kevin Waterson (Jan 02)