Re: Writing secure PHP programs

From: John Levon (moz@compsoc.man.ac.uk)
Date: 08/09/01

• Previous message: Jerry Connolly: "Re: Writing secure PHP programs"
• In reply to: Ben Ford: "Re: Writing secure PHP programs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 9 Aug 2001 12:45:57 +0100
From: John Levon <moz@compsoc.man.ac.uk>
To: Ben Ford <bford@erisksecurity.com>
Subject: Re: Writing secure PHP programs
Message-ID: <20010809124557.A64373@compsoc.man.ac.uk>

On Tue, Aug 07, 2001 at 12:36:17AM -0700, Ben Ford wrote:

> Don't call it a weakness of the language, call it by its true name:
> Lazy Programming.

I think you miss the point. PHP makes it /easy/ to make this mistake. Even people
"with a clue"[1] have to make damned sure they're not relying on having the feature
turned off. Are you arguing this is a good thing in terms of security ?

Polluting the namespace is a really bad idea. It is not an issue of lazy programming.

john

[1] such an attitude does nothing to foster useful discussion, btw

-- 
"They're all fools. Don't worry. Darwin may be slow, but he'll eventually get them." 
	- Matthew Lammers

---

• Previous message: Jerry Connolly: "Re: Writing secure PHP programs"
• In reply to: Ben Ford: "Re: Writing secure PHP programs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > secprog  > 2001-08