Re: PHP security (or the lack thereof)
- From: john mullee <jmullee@xxxxxxxxx>
- Date: Thu, 22 Jun 2006 13:15:12 +0100 (BST)
--- Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx> wrote:
From my own mail archives, PHP appears to make up at least 4%
of the email to bugtraq I see - or over 1000 issues since 1995,
out of the 25,000 I have saved.
People complain about applications like sendmail...in the same
period, it has been resopnsible for less than 200.
Do we have a new contender for worst security offender ever
written ?
I guess most of the remaining offending apps were written in C: as much as 96% ?!!
(including basically all of microsoft's stuff!!)
Surely the least secure language of all time !!!
Note also that no vulnerable apps were written in:
- cobol, rpg3, prolog, ada, scheme, lisp, pl/1, occam, modula-2, or MIX
We're planning to roll out our next enterprise ecommerce grid as a set of
modula-2 plugins to cobol-based container controlled by a dynamic gridded
application matrix written in prolog, all running on highly parallel
lisp machines.
;)
john
___________________________________________________________
All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine
http://uk.docs.yahoo.com/nowyoucan.html
- Follow-Ups:
- Re: PHP security (or the lack thereof)
- From: Darren Reed
- Re: PHP security (or the lack thereof)
- References:
- PHP security (or the lack thereof)
- From: Darren Reed
- PHP security (or the lack thereof)
- Prev by Date: Re: PHP security (or the lack thereof)
- Next by Date: [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion
- Previous by thread: Re: PHP security (or the lack thereof)
- Next by thread: Re: PHP security (or the lack thereof)
- Index(es):
