Thijs Kinkhorst wrote:
> On Wednesday 4 July 2007 06:28, Charlie wrote:
>
>> "Especially for such **insert curse words here** languages like php".
>>
>> Why do you feel that php is a **insert curse words here** language?
>>
>> If PHP is such a **insert curse words here** language, then why does Debian
>> allow apps such as roundcube and gallery2, to mention a few, into the
>> repos?
>>
>> Which language would you recommend using and why do you recommend it?
>>
>
> I think Bernd has used unfortunate words to express that in his opinion, it's
> easier in PHP to create security bugs in your code.
>
> I only agree to that to a limited extent. The most important problem, register
> globals, has been resolved (Debian tells users not to use that setting or be
> on their own). However, it is true that it's easy to start coding in PHP so
> there's a higher level of inexperienced programmers. It's also true that web
> applications in general are more vulnerable to bugs, but this is not
> PHP-specific.
>
> A traditional language like C also has its own classes of security problems.
>
> You should be careful with any package you upload to Debian, and specifically
> web applications. I do not recommend other languages than PHP that are
> supposedly 'better', because the security of the app depends so much more on
> the programmers than on the actual language used.
>
> You could say that the easiness of PHP selects in favour of less experienced
> programmers, so an audit can be worthwhile.
>
> It helps no-one to be cursing at specific languages and I don't see the added
> value of that to this list.
>
>
> Thijs
>

I stand corrected, and I apologize for my conduct.
Charlie