Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Clamav reports a virus: Exploit.Gif.PHPembedded



On 2008-06-06 11:48 +0900 (Fri), Hung Nguyen Vu wrote:

> What should I do when I see a man with a gun entering my house?

Err..."run away"?

> I still don't understand whyPHP doesn't check the input more carefully.
> It is quite fundamental.

It's also what we call in the computing science world a "hard problem."
In general, most commercial IT applications will hack those and get them
wrong.

On 2008-06-07 09:17 +0900 (Sat), Stephen J. Turnbull wrote:

> Because the generic case is hard to do, and PHP is not about doing
> hard things, it's about making tedious things convenient.

Actually, I've found that it makes tedious things continue to be
tedious. But that's just me....

On 2008-06-07 17:22 +0900 (Sat), Brian Chandler wrote:

> But I don't really see what criticism there could be here of PHP as such. 

We have techniques to prevent people from making such mistakes. PHP doesn't
use them. Thus the criticism.

It's not likely to change, of course, since making more than small
improvements in these sorts of problems requires changing the interface
and breaking compatability with old code.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links