Mailing List Archive



Re: [tlug] Do you whitelist or blacklist utf-8?



On 24 February 2011 09:43, Darren Cook <darren@example.com> wrote:

>> And, yeah, for better security, don't use PHP :)
>
> Do you have any evidence to support that statement?

http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=bugtraq+php
http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=bugtraq+perl

An over-simplification to be sure, but notice that PHP has an order of
magnitude more hits.

> Security always seems, to me, to be dominated by the programmer's
> understanding of security issues; language features are quite minor.
> I.e. the same programmer will write safe or dangerous code whichever
> language he uses.

That is almost certainly true. At the same time, it is possible for
the security-aware programmer's system to be compromised by a
language- or platform-specific vulnerability, and PHP / mod_php have
quite the history of said exploits.


-- 
Cheers,
Josh

