This post originated from an RSS feed registered with .NET Buzz by Jon Box.
Original Post: PHP: A Study in Bad Security
Feed Title: Jon Box's Weblog
Feed URL: http://radio-weblogs.com/0126569/rss.xml
Feed Description: This is a log of my findings and amusements with .NET. I also present information on my presentations and others that I see.
Do you check out Peter Coffee's column at eWeek? He always has interesting ideas, and this week's is no exception. Titled "Disappearing .Net Brand Invites Assimilation", the article talks about what we can deduce from the "Visual Studio 2005" title not including the ".NET" term. The point of this entry is not about .NET, which is certainly becoming just one of the services exposed from a Windows platform (that's a good thing) and a preferred access mechanism over the Win32 API. What caught my eye is this comment:
"Personally, I'm in a pretty grouchy mood at the moment about end users' apparent willingness to live with bad choices that developers make: specifically, choices that favor developer convenience over security and reliability and other boring issues. For example, I'll soon be sharing with eWEEK readers my comments on Greg Hoglund's and Gary McGraw's new book, "Exploiting Software: How to Break Code"; one comment from that book seems apropos. The specific subject is PHP, which the book calls "a study in bad security. ... The mantra 'don't make the developer go to any extra work to get stuff done' applies in all cases." And yet, PHP is widely used, creating widespread vulnerabilities."
I have taken some quick looks at PHP, and every time I come back thinking: "Why would people want to run ASP or PHP (or any script language) when there is a better IDE, runtime environment, and mature framework in ASP.NET?" Now add the above comment to the list.
If you believe that I'm out of line here, check out the PHP conversion/comparison articles on MSDN. I'll be glad to listen to your comments on this subject.