[Cialug] URGENT! How to list all files new/modified last 24 hours

jim kraai jimgkraai at gmail.com
Fri Oct 26 13:50:45 CDT 2012


The fact that engaging in that criminal negligence has fed my family and
many others over the years is irrelevant? ;-)

It's an awful language, to be sure, but the amateur coders who have been
using it incorrectly and its popularity are to blame for the security
problems.

--jim
On Oct 26, 2012 1:36 PM, "Nicolai" <nicolai-cialug at chocolatine.org> wrote:

> On Fri, Oct 26, 2012 at 12:25:37PM -0500, Kenneth Younger wrote:
> > PHP itself isn't inherently dangerous. Let's not spread some FUD, now.
>
> It isn't FUD at all: PHP is an unmitigated security disaster.  Here's a
> page showing its percentage of security holes among all known:
>
> http://www.coelho.net/php_cve.html
>
> Ouch.  Nothing else compares to that.
>
> You can search for vulnerabilities here:
>
> http://web.nvd.nist.gov/view/vuln/search
>
> PHP: 20,480
> Javascript: 847
> Python: 142
> Apache: 573
> nginx: 12
> publicfile: 0
> MySQL: 364
> PostgreSQL: 83
> sqlite: 25
>
> PHP dwarfs other software.  There is just no comparison at all.  If PHP
> is considered secure, then nothing can be considered insecure.
>
> Quoting an OpenBSD developer and Google Security Engineer:
>
>  "PHP is a domain-specific language for writing XSS and SQL
>   injection bugs." - Matthew Dempsky
>
> There are alternatives to PHP, so its use is inappropriate at best.
> Some would say it's criminally negligent, but I don't think in general
> that software security laws should exist.
>
> Nicolai