It's not a real language, honest

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon May 28 18:04:40 CEST 2007


Wichert Akkerman wrote:
> Previously Arran Cudbard-Bell wrote:
>   
>> Alan Dekok wrote:
>>     
>>> Arran Cudbard-Bell wrote:
>>>   
>>>       
>>>> And what do you have against PHP ?
>>>>     
>>>>         
>>>   Vulnerability vulnerability vulnerability ...
>>>   
>>>       
>> Like what ?
>>
>> You have to be really quite stupid to write PHP code with 
>> vulnerabilities ...
>>     
>
> Unfortunately security is a complex subject and there are lots of people
> out there who are not familiar with its intricacies. 
> And a fair number
> of them seem to want to write PHP applications. 
Yes it's a fluffy language, and so attracts fluffy people.
But it's fluffy reputation isn't justified, it's also a great hacking 
language. It's just as happy
writing out configuration changes to hundreds of switches using 
interactive ssh sessions, as it is running a web forums...
I guess it's just a preference,
I learned PHP while others learned Perl, Python and Ruby.
> Additionally PHP itself
> is not without its own share of problems, as is immediately obvious if
> you look at http://www.php-security.org/ for example.
>   
I'm sure Perl has it's fair shared of security issues, just the people 
who write it tend to be sysadmins,
used to annoying people breaking things in new and horrible ways..
Whereas the people who tend to write PHP tend to be web designers, more 
concerned with how
pretty the page looks than how secure it is.

Two completely different ways of thinking...





More information about the Freeradius-Devel mailing list