On February 21, 2014, Matthew Frederico wrote:

>> Basing everything you do off from a combo of Linux Apache, MySQL and PHP is
>> going to give you vulnerabilities you can't even imagine.. And of course
>> those vulnerabilities scale as you try to scale.

> Would you mind expounding on what vulnerabilities this stack would incur?



Something else I'd be curious to see. Although I don't personally use MySQL
much at all any more I'd be curious to hear more about the problems you've
faced using this combination. As I said just a moment ago in another
message, I generally use a LAPP architecture vs. LAMP (the P being
PostgreSQL vs. MySQL). I'll grant most of my projects are small time and
aren't used world wide (or at least, not by a large percentage of the web,
although the users may be all over the world), but I haven't had any
programs having vulnerabilities exploited. Perhaps it's careful coding and
SQL statement phrasing. Perhaps it's something else, but I've had nary a
complaint from anyone that I've ever done PHP work for, nor did my own PHP
code give me any issues.


--- Dan
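Dan's "careful coding and SQL statement phrasing" is, concretely, the difference between splicing request input into the statement text and binding it as a parameter. The script below is an added illustration, not code from the PLUG thread or from any of its participants; it assumes PHP with the PDO and pdo_sqlite extensions and uses an in-memory SQLite database so it runs stand-alone (in a LAMP or LAPP deployment the DSN would name the mysql or pgsql driver instead, and the two functions would be unchanged).

```php
<?php
// Added example, not from the PLUG thread: the same lookup written two ways.
// Uses PDO with an in-memory SQLite database so it runs offline; in practice
// the DSN would be 'mysql:host=...;dbname=...' or 'pgsql:host=...;dbname=...'.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface SQL errors instead of returning false
]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')"); // constructed sample rows

// Vulnerable: the input is spliced into the statement text, so any quote
// characters in it become part of the query's syntax rather than its data.
function findUserUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name, role FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the statement text is fixed at prepare time; the input travels
// as a bound value and cannot alter the structure of the query.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$benign  = 'bob';
$hostile = "x' OR '1'='1"; // constructed input containing a quote character

printf("unsafe/benign : %d row(s)\n", count(findUserUnsafe($db, $benign)));  // 1
printf("unsafe/hostile: %d row(s)\n", count(findUserUnsafe($db, $hostile))); // 2: the WHERE clause was rewritten
printf("safe/benign   : %d row(s)\n", count(findUserSafe($db, $benign)));    // 1
printf("safe/hostile  : %d row(s)\n", count(findUserSafe($db, $hostile)));   // 0: the string was matched literally
```

The distinction is independent of which database sits behind the `P`: both the mysql and pgsql PDO drivers support the same placeholder syntax. With pdo_mysql it is also worth setting `PDO::ATTR_EMULATE_PREPARES` to `false` so that the placeholders are bound by the server rather than interpolated client-side by the driver.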


On Sat, Feb 22, 2014 at 2:28 AM, S. Dale Morrey <sdalemor...@gmail.com> wrote:

> I used to be a master PHP programmer.  I had hundreds of projects under my
> belt.
> They were all designed with the very best practices of the day.
>
> Then one project after another fell due to vulnerabilities.  Sometimes code
> issues, sometimes weird SQL attacks that had been previously thought to be
> "unpossible".
> Eventually all of these projects were replaced with less vulnerable
> languages such as Python, Java & Node.
>
> In the intervening years I've learned that PHP is good for a quick
> prototype to generate enough interest to get funding for a real project.
> Sorry but that's the truth as I see it from having spent the last decade
> and a half as a hired gun.
>
> Nowadays 20% of my work involves moving companies & people off from PHP and
> onto something more secure, more scalable etc.
>
> I would argue that a company will get more bang for its buck by leveraging
> what they already know.  If you have webdevs with strong Javascript
> experience then node is awesome.  If you've got serious engineers with Java
> or C++ then frameworks based on that are good, Python also seems to work
> well for these guys although I've never been able to pick up strong
> proficiency in it.  Perl may still be a good contender if you can grok the
> insane and arcane syntax; its performance will most times be far in excess
> of anything you'll achieve with PHP.  And then of course there's Ruby, but
> I won't get into that.
>
> In fact the fastest webservice I ever built was built on top of Lua and it
> easily handled 300,000 queries per second in the real world.  This was
> about 5 years ago on a single box with a flat-file DB an SSD drive and a
> crapton of ram.  (crapton is a new unit of measurement, not a new particle)
>
> Every project is a matter of picking the right tool for the right job.
> Basing everything you do off from a combo of Linux Apache, MySQL and PHP is
> going to give you vulnerabilities you can't even imagine.  And of course
> those vulnerabilities will scale as you try to scale.
>
> I believe that the combination of MySQL and PHP should be considered
> anathema to good design practice for any company developing a modern
> infrastructure.  If you must go with PHP don't use MySQL as a backend.  If
> you must use MySQL don't use PHP as a front end.
>
> So I stand by my earlier statement.  I've learned that MySQL/PHP is good
> for a quick prototype to generate enough interest to get funding for a real
> project.  Once you have that funding, an immediate move to something better
> is in order.
>
> I do still like the language itself.  It's the implementation that sucks.
>
>
> On Fri, Feb 21, 2014 at 1:20 PM, Matthew Frederico <mfreder...@gmail.com> wrote:
>
> > On Fri, Feb 21, 2014 at 1:03 PM, Tod Hansmann <plug....@todandlorna.com> wrote:
> >
> > > Do you have to LOVE PHP?  Can you just have an understanding of its
> > > usefulness as a tool despite the terrible language it is implemented as,
> > > thus enjoying building things with it as opposed to enjoying it in and of
> > > itself?  =cP
> > >
> > > I know, I'm a bad man.
> > >
> >
> > Dear Tod,
> >
> > Not *loving* php doesn't make you a bad man .. well, not too much :-)
> >
> > Yes - it's not a perfect programming language like node, but compared to
> > GWBasic or Java - (</me ducks>) its shortcomings are outweighed by its low
> > footprint, ubiquitous install base and easy to pick up grammaticals.  Thus,
> > like the hammer of Thor - In the right hands "the php" can be a powerful
> > force to do good.  Just like every other language with a cult-like fan
> > base.
> >
> > So perhaps you are right - Loving what it does, not necessarily what it is.
> > (Love the sinner, not the sin?)
> >
> > Best Regards,
> >
> > - Matt
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
> >
>
>
