Date: Mon, 1 Jan 2007 18:03:38 -0500
From: Chad Maron <chad@...ianworks.net>
To: bugtraq@...urityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

Hrm, this is a topic that always angers me. I agree that PHP has some glaring imperfections (what's the order of operations for explode? implode? join? split? Which one uses regex? Or what about a laughable excuse for objects until version 5), but I think it's the programmer that should be held accountable for *most* of the bad code and buggy software out there.

I think the big problem is people going into programming that have no business being there. They do it for the money and could care less if their code is well written, elegant, robust, secure, or working. Some of the worst code I've ever seen (both in person and on sites like thedailywtf.com) is from people who obviously read that Java and VB .Net are the new 'it' languages and take a few courses or get a certification.

As far as I'm concerned, PHP is one of the better languages out there; it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion.

BUT... that's just my two cents.
