[pmwiki-users] Selecting a Wiki engine...
Joachim Durchholz
jo at durchholz.org
Mon Oct 2 16:00:23 CDT 2006
Thomas -Balu- Walter wrote:
> On Mon, Oct 02, 2006 at 06:50:10PM +0200, Oliver Betz wrote:
> Pm's code is really great. It's very modular and very extensible. I've
> not seen many projects where you can do so much with so little code and
> so few changes / extensions.
While I agree, I have to say that I find that PmWiki's code is rather
weak on naming and namespace management.
>> Security: is PHP really that bad (e.g. compared to Perl) in terms of
>> security? The PmWiki code didn't seem to have many security issues in
>> the past. Is it written more defensively than other applications?
>
> It's as usual - it's not the language that has security problems, it is
> the code - or said the other way round - the developers.
I have to *strongly* disagree.

While you're right that it's the code that's insecure, not the language
per se, a language design can encourage or discourage secure code. And
in this respect, PHP is quite far on the insecure side.

PHP also has a long history of bad design decisions. The various
magic_quotes directives in php.ini really stink - they can't be switched
off from PHP, there's no way to undo their effects where you need it,
and they don't do the job properly - they actually managed to cover all
possible serious design errors for a quoting mechanism in a single grand
misdecision.

PHP also has some features that make it easy to have bugs in general,
and of course some of these bugs introduce security issues. I'd really
appreciate it if webhosting accounts wouldn't ship with PHP by default,
and used something sane. Whether that "something sane" would be Python
or Ruby I can't tell, but I have to disappoint PM by saying I wouldn't
count Perl among the sane languages either - while it has many, many
excellent features, it's still insanely write-only ;-P

Regards,
Jo