[Info-vax] OS implementation languages
Arne Vajhøj
arne at vajhoej.dk
Sun Sep 10 14:16:48 EDT 2023
On 9/10/2023 11:55 AM, David Wade wrote:
> On 10/09/2023 14:03, Johnny Billquist wrote:
>> On 2023-09-10 02:54, Arne Vajhøj wrote:
>>> Millions of web sites running PHP indicate that PHP is a good
>>> fit for solving web security problems.
>
> As someone who manages a few web sites running PHP based content
> management systems, I feel the frequency with which I have to apply
> security fixes indicates the opposite.
>
> I also haven't looked for a while, but when I did I found that much of
> the spam and many of the phishing attacks I receive were delivered via
> compromised web servers running PHP based

The CMS market is really dominated by PHP.

There are some Java CMS (AEM, Alfresco etc.), some .NET CMS
(SiteCore, Umbraco etc.) and some Python CMS (Django etc.),
but the vast majority of CMS are written in PHP.

There are hundreds of PHP CMS.

I still see that dominance as an indication of
PHP suitability for the task. If something in Java or
.NET or Python in general better met the users' needs, then the
market situation would be different.

But with hundreds of PHP CMS, then there will obviously
be some deviation in code quality.

And (as elaborated in previous post) then the fact that
PHP is very easy to get started with means there
is a lot of crappy PHP code being written.

For professional usage then I would recommend
going with a CMS that actually is just a CMS,
a content repository with management tools that
gets a custom web application built on top of it.

The CMS that are CMS with a complete and ready to
run portal on top are pretty cool for a boss demo
because it takes 5 minutes to get an advanced web
site up and running. But the quality is often
questionable.

And then there is the problem of CMS portals
that started as something simple and got extended
way out of what the original design was intended
for. The classic example is WordPress - a blogging
system that has gotten extended to full CMS, internet
discussion forum, learning management system, web shop
and 117 other things. Extending something that much
is bound to create problems.

For personal usage then anyone looking for a CMS
should look carefully - not just at the flashy startup
page but also at things like vulnerability history.

Arne