A widely used Web development framework is said to be riddled with security holes.
PHP is a Web development framework that's at the heart of some of the most important Web applications today. PHP powers Wikipedia. PHP runs websites at National Public Radio, Sourceforge, and the state of Rhode Island, to name a few. Indeed, every time you see a URL that ends ".php," that's a sign that PHP is helping deliver you your Web pages.
So given the current state of computer software, it should be expected that the PHP run-time system has some bugs in it, and that some of these bugs are security bugs. All software has bugs in it, after all.
But PHP has more than a few security bugs: in many ways PHP is fundamentally flawed. The program, whose initials originally stood for Personal Home Page, was designed without much thought given to security. Many of the PHP features that make it really easy to write a Web application also make it really difficult to write one that's secure.
0 replies