[Info-vax] OS implementation languages
Arne Vajhøj
arne at vajhoej.dk
Sat Sep 9 11:16:02 EDT 2023
On 9/8/2023 12:40 PM, bill wrote:
> On 9/8/2023 10:03 AM, Dan Cross wrote:
>> In article <km0l0iF8emlU3 at mid.individual.net>,
>> bill <bill.gunshannon at gmail.com> wrote:
>>> On 9/7/2023 9:18 AM, Dave Froble wrote:
>>>> My moment of enlightenment was the day I was told I wasn't a "real
>>>> programmer" since I didn't know or use PHP. Guy didn't even know what
>>>> assembly language was. It's actually a bit scary.
>>>
>>> I'm a real programmer. I know PHP and that's why I don't use it.
>>
>> This seems apropos:
>> https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/
>
> That was good. Even some stuff in there I didn't already know about.
> But my biggest argument was how it works so very hard to make security
> in the environment it is most used (the web) totally nonexistent.

Totally opposite.

PHP does not have many of the common general flaws like
buffer overflow and memory leak.

PHP got all the features needed for secure web applications.

Some old features that were questionable from a security
perspective have been removed. Classic example is register_globals
that has been off by default since version 4.2 (21 years ago) and
was finally removed in version 5.4 (8 years ago).

The most widely used frameworks have added features to make it
easy to avoid common web security problems. Example: Laravel
always checks for a token to prevent CSRF.

There is every reason to believe that a PHP web application
created by the average Ada/C++/Scala programmer would be very
secure.

A PHP application created by the average PHP programmer
is likely to have big security problems though.

There may be a million people doing PHP professionally, but
there are many millions doing PHP for hobby programming.

PHP has a big problem. It is an easy language to learn and
it is quite easy to get some PHP code working. Any idiot can
write PHP code that works - works in the good case that is.
So a lot of the idiots do write PHP code.

And we see one disaster after the other.

But that is not really PHP's problem. Unless we consider a
language being too easy to use as a flaw.

Arne