News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Dan Scott's Blog:
The state of PHP security (LWN article)
December 28, 2006 @ 10:34:00

In a new post to his blog today, Dan Scott points out an article over on the Linux Weekly website talking about the current state of PHP security.

I was hoping for some provocative thoughts about the direction that PHP has been taking for the last six months or so in the arena of security. Unfortunately, I was greatly disappointed. Beyond using Stefan's departure as a kicking-off point for the article, the author didn't even mention any of these issues (taint, ext/filter, etc).

Instead, the article swerves back into the old rut of register_globals and magic_quotes. Dan also expresses concern at a possible misquote from Rasmus Lerdorf and that, had the author done a bit more homework, they wouldn't have made comments (in reference to the above mentioned features) like:

Security is a hard problem and any attempt to 'dumb down' a language is likely to run into security issues. [...] A great deal of useful code has been written on the PHP platform; it would be nice to find a way to keep that code coming while simultaneously making it more secure.
0 comments voice your opinion now!
security state linuxweekly article research magicquotes registerglobals security state linuxweekly article research magicquotes registerglobals


blog comments powered by Disqus

Similar Posts

PHP Zurich: Meeting Details - March 14th, 2006 @ 6:30pm

Alistair Wooldrige's Blog: Is PHP Insecure? Hell No!

DevShed: Database and Password Security for Web Applications

Zend Developer Zone: L10N==Localization (See there are ten letters...Oh, you get it...OK)

Nick Halstead's Blog: Solving Programming Problems


Community Events





Don't see your event here?
Let us know!


community list framework podcast zendserver bugfix conference api interview language symfony tips development release laravel code introduction deployment series threedevsandamaybe

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework