[Info-vax] OS implementation languages

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Sep 11 08:42:31 EDT 2023


On 2023-09-09, bill <bill.gunshannon at gmail.com> wrote:
>
> Which means what in the concept of security?  It has nothing
> to do with the syntax or even the function of the programs
> written with it.  The problem resides in the PHP interpreter
> and the programmer has no control over it.  If certain features
> are turned on, PHP can be coerced to execute arbitrary commands
> on the machine running the web server that is supporting PHP.
>

If you can turn on those features, it means you can run PHP with
them turned off. It's no different from writing SQL code without
doing any sanitisation of input.

> Unless someone actually fixed this.  I have been out of that game
> for almost 10 years now.  But I would still never trust PHP.
>

And that would be a very wise move, given the nature of PHP.

However, it doesn't mean there's something at the core of PHP that's
always turned on that can't be worked around by someone who knows
what they are doing.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.


