[Info-vax] OS implementation languages
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Sep 11 08:35:24 EDT 2023
On 2023-09-09, Arne Vajhøj <arne at vajhoej.dk> wrote:
>
> PHP does not have many of the common general flaws like
> buffer overflow and memory leak.
>
> PHP has got all the features needed for secure web applications.
>
> Some old features that were questionable from a security
> perspective have been removed. Classic example is register_globals
> that has been off by default since version 4.2 (21 years ago) and
> was finally removed in version 5.4 (8 years ago).
>
What about loose equality or continuing execution after something
that should be an error?

> The most widely used frameworks have added features to make it
> easy to avoid common web security problems. Example: Laravel
> always checks for a token to prevent CSRF.
>
There is nothing about that which is PHP specific.

> There is every reason to believe that a PHP web application
> created by the average Ada/C++/Scala programmer would be very
> secure.
>
> A PHP application created by the average PHP programmer
> is likely to have big security problems though.
>
And you don't see this as a problem with the language? Because I do.

> PHP has a big problem. It is an easy language to learn and
> it is quite easy to get some PHP code working. Any idiot can
> write PHP code that works - works in the good case that is.
> So a lot of the idiots do write PHP code.
>
> And we see one disaster after the other.
>
> But that is not really PHP's problem. Unless we consider a
> language being too easy to use as a flaw.
>
When you are writing critical code, there should be a minimum knowledge
and capability/mindset barrier to entry.

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
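
The two language behaviours named in the reply above (loose equality, and execution continuing after something that should be an error), shown beside their stricter forms. This is an added example, not part of the original thread; the sample strings, the misspelled `requre_auth` key and all function names are constructed for illustration.

```php
<?php
// Added illustration; all values and names below are constructed.

// 1. Loose equality: two different numeric-looking strings.
$stored   = '0e123456';
$supplied = '0e999999';

function loose_match(string $a, string $b): bool
{
    // Both operands are numeric strings, so == compares them as numbers
    // (each parses as zero in scientific notation), not as text.
    return $a == $b;
}

function strict_match(string $a, string $b): bool
{
    // hash_equals() compares the bytes of both strings in constant time.
    return hash_equals($a, $b);
}

// 2. Execution continuing after an error: the config key is misspelled.
$config = ['requre_auth' => true];

function auth_required(array $config): bool
{
    // Reading a missing key raises only a warning (a notice before PHP 8),
    // yields null, and the script keeps running.
    return (bool) $config['require_auth'];
}

// Default behaviour: the call completes even though the key does not exist.
$default = auth_required($config);

// Hardening: promote every warning and notice to an exception (fail closed).
set_error_handler(function (int $severity, string $message, string $file, int $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

try {
    auth_required($config);
    $hardened = 'continued';
} catch (ErrorException $e) {
    $hardened = 'stopped: ' . $e->getMessage();
}

var_dump(loose_match($stored, $supplied), strict_match($stored, $supplied));
var_dump($default, $hardened);
```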