Seriously though, if you're a beginner, learn *any* language but PHP
and anything Microsoft specific.
Hi
Out of interest, why would you say this?
You've never had to admin a web server where people used PHP huh?
People are always getting PHP hacked, to upload files, worms, and root
kits. It's a constant trouble to have to scan for malicious PHP and
remove/update the scripts involved. Practically a full time position
here just to maintain security due 100% to PHP.
You got any links to support your statement? I googled and I have not
seen anything other than the usual, and googling for perl exploits
produces a fair amount of results.
Yes *any* language can be used for evil, PHP just makes it way more
intuitive and easy to do, others you have to be semi stupid to write
dangerous code. (For example Matt's script archive is full of some
extremely lame and insecure Perl scripts, I hate those as much as I do
PHP, but that's just *one* set of scripts not the entire implementation
of the language)
For instance:
"Oh I have Magic quotes on so I can just pass my safely quoted data to
mysql": wrong, now you have an injection attack.
"Oh I have it tightened down with PHPSuExec and have all sorts of
goodies in php.ini to tighten it up": wrong again, `touch ~/php.ini` and
poof all the "safeties" are off.
I can't tell you how many times I've seen people with scripts that have
exploits that allow them to upload files to /tmp and run commands on
them. I've seen everything from rootkits to DoS bots *all* from PHP
scripts that don't even have any upload functions or system command calls
themselves!!!
Just recently this worm was going around:
http://www.google.com/search?q=phpbb_patch
which brings up another popular hackability example:
http://www.google.com/search?q=phpbb+security
There have been some *major* issues with that.
In fact it's gotten so bad we're considering removing PHP from our
servers and creating/using different versions of PHP scripts people like
to use in Perl (or C or Ruby, or Python, etc etc).
Also from our benchmarking it's plain to see that PHP is a huge bloat,
it has to run under Apache for the same reasons hippos stay in the
river most of the time.
I don't have time for specifics, if you're really interested do your own
tests but you'll be much better off not getting involved with PHP but of
course if you want the headache shoot yourself.
So again I reiterate: if you're a beginner (i.e. you haven't been molested by
the PHP community yet and had the misfortune to use it) then stay away,
of course that's just my .02 based on years of large scale development
projects and admin work. I'm sure some PHP advocate will come down on me
with fire and brimstone but who cares they're jerks and they'll get
theirs when they're hacked into oblivion ;p
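The magic quotes point in the message above, as an added example that is not part of the original email: quote escaping does nothing for input placed in an unquoted numeric slot, while a bound parameter keeps the input as data. It assumes Python's `sqlite3` standing in for MySQL, a hypothetical `magic_quotes()` helper emulating PHP's `addslashes()`-style escaping, and a constructed `users` table and inputs.

```python
import sqlite3

def magic_quotes(value):
    """Emulate PHP magic_quotes_gpc: backslash-escape \\, ', " and NUL."""
    value = value.replace("\\", "\\\\")
    value = value.replace("'", "\\'").replace('"', '\\"')
    return value.replace("\0", "\\0")

def make_db():
    """Constructed sample data, held in memory only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_concatenated(db, raw_id):
    """Weak pattern: 'escaped' input concatenated into a numeric context.
    There are no quotes to escape, so the input is parsed as SQL."""
    sql = "SELECT name FROM users WHERE id = " + magic_quotes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, raw_id):
    """Corrected pattern: the value is bound, never parsed as SQL."""
    cur = db.execute("SELECT name FROM users WHERE id = ?", (raw_id,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input: contains no quote characters
    print("escaped form :", magic_quotes(hostile))
    print("concatenated :", lookup_concatenated(db, hostile))
    print("parameterized:", lookup_parameterized(db, hostile))
```
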