On Thursday 10 January 2008, Peter Eriksson wrote:
> All the suggested ones have just one big FAT problem - they are all written in that security bug ridden language that the hackers just love to exploit - PHP. Running a web application available to the whole wide internet written in PHP is just asking for someone to break into your systems.
Oh my god! Never heard anything more ... bah ... no words!
Not to flame, but please permit me to just point out some ideas:
- PHP is one of the many scripting languages
- PHP is oriented to web development (but not only)
- PHP (and PHP4 in particular) had its huge success thanks to its simplicity and the lack of strict type checking and so on...
The last point is the glory and the pain of the language, as this lets unskilled people rapidly develop *working* software in PHP...
yes, I said "working" software, that is, not well-written, well-designed, hardened software!! SquirrelMail itself is (at least before the OOP recoding) very, very poorly written...
Finally, the simple and irrefutable fact that a large number of web servers are exploited thanks to bad PHP scripts is *not* an intrinsic hole in the language; they are simply very, very badly coded scripts/apps!!!
I can assure you that writing a secure PHP application is not a nightmare; it is simply coding in a professional way.
The simple fact of using (using in a professional way, not just installing and coding!!!) a good framework and ORM can already make the application SQL injection free, more secure, portable and so on...
My 2 cents
--
<?php echo ' Emiliano Gabrielli (aka AlberT) ',"\n", ' GrUSP founder - ZCE ',"\n", ' AlberT_at_SuperAlberT_it - www.SuperAlberT.it ',"\n", ' IRC: #php,#AES azzurra.com ',"\n",'ICQ: 158591185'; ?>