On Sat, Oct 14, 2017 at 10:16 PM, Ben Bacarisse <ben.use...@bsb.me.uk> wrote:
> "Peter J. Holzer" <hjp-usen...@hjp.at> writes:
>> Which probably boils down to the question: Why did providers offer PHP
>> and not Python? One reason might be that at the time no suitable web
>> framework for Python existed (Zope was released in 1999, and I remember
>> it to be rather heavy-weight). One reason might be that providers didn't
>> see PHP as a "real" programming language and therefore deemed it
>> safer.
>
> That would be deeply ironic, given the security pain that it has turned
> out to be!

Yup. And not exactly surprising to any security expert. The history of computing - well, let's face it, the history of mankind - is littered with stories of "this is simple and easy, we don't need to secure it" turning into "this is actually a major problem". Sometimes we can retrofit enough protection onto the system without fundamentally breaking it (eg DNS, where a variety of forms of security have been added); other times, we learn a new best-prac and keep going (eg parameterized queries rather than risking SQL injection, which some people still haven't learned, but a lot have); and other times, we scrap the bad option and start a completely new way of doing things (bye bye Java applets, bye bye Flash, let's do everything with JS), which of course isn't necessarily perfect either, but is usually a big enough advantage to be worth it.

ChrisA