PHP Insecurity
Locked Asked Modified Viewed 3,054 times
seoruchi
seoruchi 10
- Newbie, joined since
- Contributed 1 post on the community forums.
- Started 1 thread in the forums
- Started this discussions
A widely used Web development framework is said to be riddled with security holes.
PHP is a Web development framework that's at the heart of some of the most important Web applications today. PHP powers Wikipedia. PHP runs websites at National Public Radio, Sourceforge, and the state of Rhode Island, to name a few. Indeed, every time you see a URL that ends ".php," that's a sign that PHP is helping deliver you your Web pages.
So given the current state of computer software, it should be expected that the PHP run-time system has some bugs in it, and that some of these bugs are security bugs. All software has bugs in it, after all.
But PHP has more than a few security bugs: in many ways PHP is fundamentally flawed. The program, whose initials originally stood for Personal Home Page, was designed without much thought given to security. Many of the PHP features that make it really easy to write a Web application also make it really difficult to write one that's secure.
PHP is a Web development framework that's at the heart of some of the most important Web applications today. PHP powers Wikipedia. PHP runs websites at National Public Radio, Sourceforge, and the state of Rhode Island, to name a few. Indeed, every time you see a URL that ends ".php," that's a sign that PHP is helping deliver you your Web pages.
So given the current state of computer software, it should be expected that the PHP run-time system has some bugs in it, and that some of these bugs are security bugs. All software has bugs in it, after all.
But PHP has more than a few security bugs: in many ways PHP is fundamentally flawed. The program, whose initials originally stood for Personal Home Page, was designed without much thought given to security. Many of the PHP features that make it really easy to write a Web application also make it really difficult to write one that's secure.
answered
This is a quite old (and unfortunately wrong) essay from someone who didn't even know the difference between a scripting language and a framework. Why did you post this anyway?
Reference and comments:
http://www.technologyreview.com/blog/garfinkel/17538/
//later edit: It sure looked like a spambot but old stuff still crawl the internet, just as the old ACE mobile phone virus, which I recently explained some people it's an "ancient" hoax. :P
Reference and comments:
http://www.technologyreview.com/blog/garfinkel/17538/
//later edit: It sure looked like a spambot but old stuff still crawl the internet, just as the old ACE mobile phone virus, which I recently explained some people it's an "ancient" hoax. :P
Edited by kneekoo on 09-06-2011 12:32,
answered
Kneeks, you answered a spambot. Tihi... :D
Locked
Locked
Category Forum
Announcements & Security IssuesLabels
None yet
Statistics
- Views 0 views
- Posts 2 posts
- Votes 0 votes
- Topic users 3 members
3 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions