Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-08 Thread Jim Manico
I'm quite confident that someone could develop a very secure interpreted language. That's a moot point, it's not about languages anymore, it's about FRAMEWORKS on top of languages with security baked in. In Java my team has one validation servlet that every request must go through - so even if

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-04 Thread Lawrence Paul MacIntyre
Dana: The S in RSA stands for Adi Shamir, not Ravi Sethi. Ravi is the author of the Dragon Book, however. This one time, at band camp, Dana Hudes wrote: Darren Reed wrote: In functional programming languages (think 4GLs like prolog), Prolog isn't a 4GL (it was invented in 1972). In Ravi

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-04 Thread Jim Harrison
: Tuesday, January 02, 2007 10:37 AM To: Jim Harrison Cc: bugtraq@securityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] In some mail from Jim Harrison, sie said: No; this wasn't flame-bait, although I'd be silly not to expect some. Let me make my position

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-04 Thread Bill Nash
On Wed, 3 Jan 2007, Darren Reed wrote: The problem we have right now is that the language commonly used for dynamic web pages on non-Microsoft platforms is PHP and that this has not been engineered *for security*. The goal of a language such as PHP should be to make it possible to do what

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-04 Thread Ronald Chmara
On Jan 2, 2007, at 10:37 AM, Darren Reed wrote: In some mail from Jim Harrison, sie said: Again; I agree with and fully support the effort. What I'm trying to point out is the literal impossibility of actually achieving genuine security in either our code or the languages it's written in.

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Kevin Waterson
This one time, at band camp, Chad Maron [EMAIL PROTECTED] wrote: As far as I'm concerned, PHP is one of the better languages out there it's just that lazy and incompetent pseudo-developers get their hands on tutorial code and copy-paste it into oblivion. agreed, however PHP core

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: ..and similar statements can be made for Basic (pickyourflavor) as well. This argument proves my point that there is no such thing as a truly secure language; it's entirely dependent on the dev skills. I disagree. But then the above could be taken

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Jim Harrison
@securityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] In some mail from Jim Harrison, sie said: ..and similar statements can be made for Basic (pickyourflavor) as well. This argument proves my point that there is no such thing as a truly secure language; it's

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: No; this wasn't flame-bait, although I'd be silly not to expect some. Let me make my position clear; the goals of secure coding and secure languages are both grand and well worth the time spent. There are two primary factors which make this an

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Bill Nash
On Sun, 31 Dec 2006, Kevin Waterson wrote: This one time, at band camp, Gadi Evron [EMAIL PROTECTED] wrote: Indeed, the most annoying thing about the PHP worms today is that these PHP vulnerabilities being exploited are everywhere. These are not PHP vulnerabilities, these are

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Kevin Waterson
This one time, at band camp, Gadi Evron [EMAIL PROTECTED] wrote: Indeed, the most annoying thing about the PHP worms today is that these PHP vulnerabilities being exploited are everywhere. These are not PHP vulnerabilities, these are application vulnerabilities. 2. Developing secure

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Tino Wildenhain
Bill Nash wrote: ... *ANY* language implemented for *ANY* purpose is as secure as the programmer makes it. The way the original post is written, s/PHP/(Perl|ASP|C|bash|BASIC|four little buddhist monks fighting over an abacus)/ is applicable. The vulnerabilities that we see, that Gadi refers

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Jim Harrison
. Jim -Original Message- From: Tino Wildenhain [mailto:[EMAIL PROTECTED] Sent: Monday, January 01, 2007 1:00 PM To: Bill Nash Cc: Kevin Waterson; bugtraq@securityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Bill Nash wrote: ... *ANY

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Dana Hudes
is a powerful motivator. Jim -Original Message- From: Tino Wildenhain [mailto:[EMAIL PROTECTED] Sent: Monday, January 01, 2007 1:00 PM To: Bill Nash Cc: Kevin Waterson; bugtraq@securityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] Bill Nash

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Chad Maron
Hrm, this is a topic that always angers me. I agree that PHP has some glaring imperfections (what's the order of operations for explode? implode? join? split? Which one uses regex? Or what about a laughable excuse for objects until version 5), but I think it's the programmer that should be held

RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-01 Thread Jim Harrison
01, 2007 2:37 PM To: bugtraq@securityfocus.com Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware] While I agree that it is poor coding habits on the part of many developers that are responsible for most PHP application security flaws, nonetheless there are features

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-03-01 Thread L. Adrian Griffis
On Fri, 24 Feb 2006, Matthew Schiros wrote: PHP, like any and all projects, does indeed have security flaws. So does MySQL. So does Linux. So does sshd. So does Windows. To claim that we should abandon any individual service simply because it has security bugs is absurd. Yes, there are

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-03-01 Thread Matthew Schiros
I think you're making my point for me. If, as you say, the Linux community has a faster turn-around time on poorly designed and supported applications than, say, the Windows community, if PHP were actually as bad as some people try to make it out, there'd be no market penetration for it, as it

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-03-01 Thread L. Adrian Griffis
On Mon, 27 Feb 2006, Matthew Schiros wrote: I think you're making my point for me. If, as you say, the Linux community has a faster turn-around time on poorly designed and supported applications than, say, the Windows community, if PHP were actually as bad as some people try to make it out,

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-03-01 Thread Matthew Schiros
That doesn't seem to follow, to me. You cited the Linux as another example of a product with flaws, so it seems that you thought of it as being separate. But now you argue that because I said that the Linux community has less patience for design flaws that PHP's success supports your point.

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-26 Thread Thomas M. Payerle
1. PHP is the serious or at least open-source/Linux/security freak's choice for web development. Mine as well (although as many still say, Perl does a better job). While PHP is extremely popular, especially in open-source and Linux communities, I am not sure it qualifies as the de facto choice

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-26 Thread Jamie Riden
On 22/02/06, Kevin Waterson [EMAIL PROTECTED] wrote: This one time, at band camp, Gadi Evron [EMAIL PROTECTED] wrote: 3. Staying on top of new PHP vulnerabilities has become impossible, popping around everywhere. What vulnerabilities in PHP? Are you implying the fault is within the language

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-26 Thread Matthew Schiros
PHP, like any and all projects, does indeed have security flaws. So does MySQL. So does Linux. So does sshd. So does Windows. To claim that we should abandon any individual service simply because it has security bugs is absurd. Yes, there are non-trivial problems with PHP's memory

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-24 Thread Kevin Waterson
This one time, at band camp, Gadi Evron [EMAIL PROTECTED] wrote: 3. Staying on top of new PHP vulnerabilities has become impossible, popping around everywhere. What vulnerabilities in PHP? Are you implying the fault is within the language itself? This is akin to saying C has vulnerabilities

PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-22 Thread Gadi Evron
Christine Kronberg wrote: On Sun, 19 Feb 2006, Gadi Evron wrote: Today, we received a notification about a new Linux malware ItW (In the Wild). They are not exactly new. I've seen them floating around for about two months now. There are different binaries running around doing the same

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2006-02-21 Thread Christine Kronberg
On Mon, 20 Feb 2006, Gadi Evron wrote: Christine Kronberg wrote: On Sun, 19 Feb 2006, Gadi Evron wrote: Today, we received a notification about a new Linux malware ItW (In the Wild). They are not exactly new. I've seen them floating around for about two months now. There are different