* Arthur Corliss <acorliss@nevaeh-linux.org> [121011 10:28]:
> On Thu, 11 Oct 2012, Tim Johnson wrote:
>
> > Glad to see that there are a couple of drupalers on this LUG.
> > I can learn PHP. Some pythonists and perlmonks tend to dis PHP,
> > but this pythonist doesn't. Programming is programming.
>
> Eh, perhaps because PHP steals good ideas from other languages, then
> implements them poorly, inconsistently, and usually half broken. And if
> that doesn't put you off enough, their <ahem> "security" record is enough
> evidence for me. Drupal, wordpress, etc., might be worthy CMSs in their
> own right, but when the core language they're built on is a gaping attack
> vector, I have no use for them.
>
> Lipstick on a pig. Pucker up.

perlmonk alert! perlmonk alert! ... And this pythonist agrees.
Arthur has provided my cover from incoming PHPist flak. So, I'm
just going to fire away here...

1) Many agree that PHP is not designed well. extract() writes
willy-nilly to the global symbol table? Holy crap! Bad idea, *but*
I don't have to use it in my own PHP code, do I? Of course, I'm
sure the drupal resources are using extract(). I know that
CodeIgniter does.

2) Could it be that some of the bad rep that PHP has for security
flaws arose because there are so many PHP coders and many of those
didn't start out as I did or I presume Arthur did by writing CGI
interfaces from the ground up, with security in mind?

3) IOWS could not a programmer who learned good habits from other
languages manage the "attack vector"?

4) Are there add-ons to drupal to improve PHP security?

5) Are there add-ons to PHP to import security?

Any PHP coders here? Be gentle with Arthur.
--
Tim
tim at tee jay forty nine dot com or akwebsoft dot com
http://www.akwebsoft.com

Received on Thu Oct 11 10:56:14 2012
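
On point 1 of the message above, an added example (not part of the original post, and not code from Drupal or CodeIgniter): extract() with its default EXTR_OVERWRITE flag lets keys from request data replace variables already set in the calling scope, while EXTR_SKIP, EXTR_PREFIX_ALL or an explicit allow-list avoid that. The request array, the function names and the variable names are constructed for illustration.

```php
<?php
// Constructed sample standing in for $_GET/$_POST: the client controls the keys.
$request = ['name' => 'tim', 'is_admin' => '1'];

// Weak: the default flag (EXTR_OVERWRITE) replaces variables that already exist.
function render_weak(array $input): string
{
    $is_admin = false;                 // state the application decided on
    extract($input);                   // a request key 'is_admin' overwrites it
    return ($is_admin ? 'admin' : 'user') . ':' . $name;
}

// Hardened 1: EXTR_SKIP leaves any variable that already exists untouched.
function render_skip(array $input): string
{
    $is_admin = false;
    extract($input, EXTR_SKIP);
    return ($is_admin ? 'admin' : 'user') . ':' . $name;
}

// Hardened 2: EXTR_PREFIX_ALL puts every imported name in its own namespace,
// so request data arrives as $req_name, $req_is_admin and cannot collide.
function render_prefixed(array $input): string
{
    $is_admin = false;
    extract($input, EXTR_PREFIX_ALL, 'req');
    return ($is_admin ? 'admin' : 'user') . ':' . $req_name;
}

// Hardened 3: skip extract() and read only the keys the code expects.
function render_allowlist(array $input): string
{
    $is_admin = false;
    $fields = array_intersect_key($input, ['name' => true]);
    $name = (string) ($fields['name'] ?? 'anonymous');
    return ($is_admin ? 'admin' : 'user') . ':' . $name;
}

// Print each variant's result for the same constructed request.
foreach (['render_weak', 'render_skip', 'render_prefixed', 'render_allowlist'] as $fn) {
    echo str_pad($fn, 18), $fn($request), PHP_EOL;
}
```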