| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jul 2006 09:54:59 +0200 From: SkyFlash <webmaster@...kquest.de> Cc: bugtraq@...urityfocus.com Subject: Re: Securing PHP or finding PHP alternatives >>2.) From a security standpoint what is a better, open-source replacement >>to PHP? >> > > Ruby, Python, Java, C#, all of which are type safe, and therefore much > more secure. All have open source implementations, including C# > http://www.mono-project.com/Main_Page > > Crispin > Being type safe does not mean you can't screw up when validating user input. Also, PHP can be type safe, if you choose to use it that way. None of these languages will fix badly written code for you, so they aren't more safe. You don't need to secure the specific programming language, you need to secure your own lazy ass producing bad code. Also, there is no better, open source replacement for PHP. I got a good suggestion for you guys... if you don't write any code, it will be PERFECTLY SAFE! How does that sound to management? If you write code, it will have bugs, and it will have security holes, so live with it. No matter how many graphs you draw and talk about it... in the end, it will still have bugs, and you won't be able to quantify them. SkyFlash
Powered by blists - more mailing lists