| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Feb 2006 21:48:55 +1100 From: Kevin Waterson <kevin@...ania.net> To: bugtraq@...urityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] This one time, at band camp, Gadi Evron <ge@...uxbox.org> wrote: > 3. Staying on top of new PHP vulnerabilities has become impossible, > popping around everywhere. What vulnerabilities in PHP? Are implying the fault is within the language itself? This is akin to saying C has vulnerabilites because some script kiddie wrote a poor application. > > 4. Determining how secure a PHP application is, looking at the code and > for how silly past vulnerabilities were (i.e. looking at the coder > rather than the code) is now more important than the actual application. As with all web based technologies, security should be the foundation of the application > Much like their self criticism said, PHP needs to grow to a far more > secure language, much like we need to chose more carefully what PHP > software we use. Which self critism is this? > > Some of us have been joking for a while about creating a script to > choose from different paragraph we create, and email bugtraq > re-assembling the randomly with a new PHP bug and a random PHP > application name every few hours. Would any of us be able to readily > tell the difference? Perhaps we can do the same for linux kernel problems and blame it on C? Kind regards Kevin -- "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote."
Powered by blists - more mailing lists