Re: Re: PHP security (or the lack thereof)



Trying to make the language 'safe' won't fix it because the language is not the problem. The real problem is the way PHP is presented to most new developers.

PHP has been introduced as a tool for the web developer. As a language its goal is "to allow web developers to write dynamically generated pages quickly." ( http://www.php.net/manual/en/faq.general.php ). The focus then is to enable the web developer by giving him the tools he needs to create dynamic content, with as little hassle as possible. The web developer need only read a short tutorial ( http://www.php.net/manual/en/tutorial.php ) and he is ready to read, understand and implement the ideas presented in the various example scripts on PHP.net. Unfortunately this situation leaves the web developer uninformed and unprepared to face the hostile environment that is the net.

the only real solution is to change the way the language is presented to new developers. It must be presented in a manner that increases the awareness of the developer so that he able to deploy his application in a safe manner. This means that security needs to be taught from the beginning rather than as a footnote, especially on sites where authoritative teaching is given ( such as PHP.net ). - nabiy



Relevant Pages

  • Re: Program slow. Garbage Collection
    ... I realize that this was not for any particular customer, but this happens even in commercial enterprises, believe it or not. ... And when your application has performance problems, then the common reason is a bad algorithm and not the language that you took. ... You can reduce the risks but there will always be that risk. ... And if there is a real problem, then you have to find a good algorithm to solve it (or better: Check the real problem behind and solve that! ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: which should i learn c or c++ ?
    ... >I have a book to learn the C language, but also I have some ebooks to ... >So I have a real problem. ... They'll jump right into using STL, and from your knowledge of C you'll ... productive code before even delving into pointers (by using STL ...
    (alt.comp.lang.learn.c-cpp)
  • Re: why?
    ... explicit within the standard, ... The real problem with the code is that size_t may be an unsigned long. ... > You would get a different result in a very similar language, ... Although the implicit int declaration in the code above would likely ...
    (comp.lang.c)
  • Re: Space Shuttle Frequencies (UK) ??
    ... as usual zpk, in his inimitable style, has rubbished the language. ... clearly lacks the ability to understand and express the very basic units ... his real problem is that he rushes in to "score points" but just ...
    (uk.radio.amateur)
  • Re: Mass Style modification?
    ... select all and go to Tools> Language. ... > check" in the language setting. ... > The real problem is that I have several complex multi-style document ... > templates that I work from and somehow, ...
    (microsoft.public.mac.office.word)