lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 2 Jan 2007 14:45:27 +1100
From: Kevin Waterson <kevin@...ania.net>
To: bugtraq@...urityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux
 malware]

This one time, at band camp, Chad Maron <chad@...ianworks.net> wrote:


> As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion.


agreed, however PHP core Developers will often overlook the PHP communities 
cries for security tools to implement secure practises.
The filter extension goes a long way to addressing this, but still we see issues
such as deprecated extensions like the Mimetype Functions that leave a gaping hole
in validation of file types without installing extra's from PECL (FileInfo) which is
not always available to the person, particularly in a shared hosting environment.

-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."

Powered by blists - more mailing lists