On Wednesday 30 November 2005 18:27, Paul A Houle wrote: > Nick Kew wrote: > > That looks a lot like Windows' market position. And I suspect it's no > > accident: both products have heaped on new 'goodies', all too often > > at the expense of other considerations. It's IMO also no accident > > that PHP is moving towards a Windows-like security track record. > > You'll find skeletons if you go looking in CPAN. > > Market share is a lot of the reason why people target malware at > Windows.
That's offtopic and largely untrue. But a counterexample is ontopic: if market share were really the determinant, what webserver would Nimda, Code Red, Code Blue et al have hit? The truth is that Mac, Linux and others have *ample* market share. Even a real minority-system like RiscOS has been targeted. > The real trouble with PHP is that it's sparked a revolution in web > server software: code reuse. Like CGI.pm, libwww-perl, DBI/DBD et al never did? Erm .... > Before PHP, you couldn't find affordable > web hosting for dynamic sites: cgi-bin was so expensive and problematic > that mass hosting facilities couldn't afford to host it. Mod_perl would > be out of the question. I had no trouble finding cheap CGI hosting before moving to my own server. Actually that's not entirely true: my first host was not competently run. But moving to pair.net in IIRC May '96 got me something that worked well. > If there were any Perl or Java apps of the same > popularity, we'd be seeing the same thing. There are cultural reasons that are more important. If you post a Perl script that omits perl's taint checking, you'll predictably get flamed for it. So the newbie programmer has to figure out whats going on, and take in some basic principles of security in the process. Of course you can't guarantee that'll work, but it makes a better environment for safety- awareness than PHP. And it's not as if Perl is, in general, something I'd hold up as a role model for good practice, either:-) -- Nick Kew
