[Cialug] URGENT! How to list all files new/modified last 24 hours

Nicolai nicolai-cialug at chocolatine.org
Fri Oct 26 13:36:23 CDT 2012


On Fri, Oct 26, 2012 at 12:25:37PM -0500, Kenneth Younger wrote:
> PHP itself isn't inherently dangerous. Let's not spread some FUD, now.

It isn't FUD at all: PHP is an unmitigated security disaster.  Here's a
page showing its percentage of security holes among all known:

http://www.coelho.net/php_cve.html

Ouch.  Nothing else compares to that.

You can search for vulnerabilities here:

http://web.nvd.nist.gov/view/vuln/search

PHP: 20,480
Javascript: 847
Python: 142
Apache: 573
nginx: 12
publicfile: 0
MySQL: 364
PostgreSQL: 83
sqlite: 25

PHP dwarfs other software.  There is just no comparison at all.  If PHP
is considered secure, then nothing can be considered insecure.

Quoting an OpenBSD developer and Google Security Engineer:

 "PHP is a domain-specific language for writing XSS and SQL
  injection bugs." - Matthew Dempsky

There are alternatives to PHP, so its use is inappropriate at best.
Some would say it's criminally negligent, but I don't think in general
that software security laws should exist.

Nicolai

