Message-ID: <20060222214855.144ca895.kevin@oceania.net>
Date: Wed, 22 Feb 2006 21:48:55 +1100
From: Kevin Waterson <kevin@...ania.net>
To: bugtraq@...urityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
This one time, at band camp, Gadi Evron <ge@...uxbox.org> wrote:
> 3. Staying on top of new PHP vulnerabilities has become impossible,
> popping around everywhere.
What vulnerabilities in PHP?
Are you implying the fault is within the language itself?
This is akin to saying C has vulnerabilities because some script kiddie
wrote a poor application.
>
> 4. Determining how secure a PHP application is, looking at the code and
> for how silly past vulnerabilities were (i.e. looking at the coder
> rather than the code) is now more important than the actual application.
As with all web-based technologies, security should be the foundation of the application.
> Much like their self criticism said, PHP needs to grow to a far more
> secure language, much like we need to choose more carefully what PHP
> software we use.
Which self-criticism is this?
>
> Some of us have been joking for a while about creating a script to
> choose from different paragraphs we create, and email bugtraq
> re-assembling them randomly with a new PHP bug and a random PHP
> application name every few hours. Would any of us be able to readily
> tell the difference?
Perhaps we can do the same for Linux kernel problems and blame it on C?
Kind regards
Kevin
--
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."