[nylug-talk] PHP Security

Eric etamme at optonline.net
Sat Dec 30 17:04:30 EST 2006


Ruben Safir wrote:
> On Sat, Dec 30, 2006 at 02:12:41PM -0500, Michael B Allen wrote:
>> On Sat, 30 Dec 2006 13:45:05 -0500
>> Ruben Safir <ruben at mrbrklyn.com> wrote:
>>
>>> BTW - PHP ITSELF is insecure, both in its design, its promotion, and in the
>>> community which designed it.
>> Back that up. No more vague claims. Give me a specific example of
>> something about "PHP ITSELF" that is insecure.
> 
> 
> No I won't.  Intelligent people who are doing world access administration can do their
> own research and google the security alerts yourself.
> 
> I have a better question.  Why would someone do something as insecure as run
> root based admin servers over the web?  Boy that is like, well it annoys me slightly.
> 
> Magic Slashed ON Simba!  A way away!
> 
> Ruben
> 
> 
> 


  Not having followed the full thread of this holy war.. I am not
certain how relevant my post is, but just to keep the idea of security
in context...

Security is completely relative. People do, and use, what they believe
to be the most effective methods to accomplish a goal.

C is insecure.. why would somebody write an OS in C when buffer
overflows, format string exploits, etc. are so thoroughly explored
allowing arbitrary execution of code?  Probably because it seemed the
best tool suited for the job.

For those more into physical security.. locks are insecure.. the lock on
your front door can be picked in 5 minutes (if not seconds) by virtually
anyone who has read the MIT lockpick guide and spent $15 on a set of
picks.. I know because I did this to my own front door! Yet .. every
house and apartment has a lock?! No iris scanners? No biometric
security??  Why not?  Probably because the lock does the job it needs to
with at least reasonable success, and in a simplistic, efficient fashion.

Now.. this is of course satisficing, but the bottom line is.. security
is relative, and never absolute.. and I think people forget that when
they start getting into "this language is more secure than that language."

..now let the holy (flame) wars continue ;P

-Eric

