Open Source and information security mailing list archives
Date: Tue, 2 Jan 2007 14:45:27 +1100
From: Kevin Waterson <kevin@...ania.net>
To: bugtraq@...urityfocus.com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

This one time, at band camp, Chad Maron <chad@...ianworks.net> wrote:

> As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion.

Agreed, however PHP core Developers will often overlook the PHP community's cries for security tools to implement secure practices. The filter extension goes a long way to addressing this, but still we see issues such as deprecated extensions like the Mimetype Functions that leave a gaping hole in validation of file types without installing extras from PECL (FileInfo) which is not always available to the person, particularly in a shared hosting environment.

--
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote."