After reviewing the urls (the ones that are valid) I did not see anything to suggest php is any worse or better than any other language. My number one choice would be to use "c".
The app should support winxx, mac, unix, linux and text (if possible). The app also must scale from localhost to intranet to internet. The app must also scale from a few users up to several hundred or more concurrent users. Security of data is more important than speed or user ease of use. The app should also require the minimum software installs on the user's machine and add no additional security risks for the users. As I have reviewed the various requirements and options basing app on the web is the best option I see. Feel free to make your suggestions. My Langauges - c, c++, bash, perl, php, assembler, fortran, pascal, cobal. I gave up trying to learn java - I just do not have that much time to spend. Python - it is a great language but counting columns is something I don't do anymore - too much fortran, assembler, and cobol. Maybe next time. That leaves php or perl unless someone knows some really cool c and c++ tricks. That still leaves the problem of how to secure the app and make some of the user information persistant - no one wants to enter their userid and password on every form. Cookies and hidden data fields seem to be the only real option. What are the other options? I have considered having one user enter the data and a second confirm the data. Right now cookies still look like the best option. thanks for the help and comments oscar On Saturday 19 August 2006 11:20 am, Steven H. McCown wrote: > I'm resending this since it bounced. Something about being over 40KB. > > > > There are some more serious security implications with your choice of tools > (e.g., injections). Far from the definitive word, these are hotly debated, > demonstrated, and refuted. Here are a couple of blog articles that you > should research and consider re PHP: > > > > - PHP Insecurity: Failure of Leadership (http://www.greebo.net/?p=320) > > > > - PHP Security: Dumb Users or Dumb APIs? > (http://www.sitepoint.com/blogs/2006/01/24/php-security-dumb-users-or-dumb- >a pis/) > > > > This is from last year's Blackhat, but it's fairly new and still relevant: > > > > - Beefed up OWASP 2.0 introduced at BlackHat > (http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci111 >1 443,00.html) and (http://www.owasp.org/index.php/Main_Page) > > > > How to harden this? It's a moving target. PHP6? Until it is released and > then I'll say PHP7. ;-) > > > > The key is that if you don't *really* have to be web-accessible, then > don't. > > > > Steve _______________________________________________ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss