Bugtraq mailing list archives
RE: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: "Jim Harrison" <Jim () isatools org>
Date: Mon, 1 Jan 2007 13:31:09 -0800
<Peeve type="pet">
"They" (developers) and "it" (the secure language) are both moving targets. There is no "genetic memory" with the human race; any more than there is an "inherently secure" language. For every developer that learns how to write "secure code", at least one more starts cutting his/her teeth in the same language; possibly for the same reasons. Anyone who insists that there either exists a "secure language" or that the problem of "secure code" can be "completely solved" is IMHO, severely deluded. Neither will ever be even remotely true.
</Peeve type="pet">

If you have issue with someone's code habits, address it with them first. This is part & parcel to the "education" process. If this fails because of their unwillingness or inability to adjust, then you've done what you can. If this unresolved problem presents a public disservice, then you report it. Public opinion is a powerful motivator.

Jim

-----Original Message-----
From: Tino Wildenhain [mailto:tino () wildenhain de]
Sent: Monday, January 01, 2007 1:00 PM
To: Bill Nash
Cc: Kevin Waterson; bugtraq () securityfocus com
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

Bill Nash wrote:
...
> *ANY* language implemented for *ANY* purpose is as secure as the
> programmer makes it. The way the original post is written, s/PHP/(Perl|ASP|C|bash|BASIC|four little buddhist monks fighting over an abacus)/ is applicable. The vulnerabilities that we see, that Gadi refers to, aren't widespread because PHP is widespread, but because insecure applications written in PHP are. A better use of energy would
> be focusing on the most vulnerable platforms and educating the
> developers.

But apparently they aren't educatable - hence they stick to this language. (Because of the many bad examples they can cut&paste code from)

T.