[pmwiki-users] Selecting a Wiki engine...

Thomas -Balu- Walter list+pmwiki-users at b-a-l-u.de
Fri Oct 6 07:16:51 CDT 2006


On Mon, Oct 02, 2006 at 11:00:23PM +0200, Joachim Durchholz wrote:
> > It's as usual - it's not the language that has security problems, it is
> > the code - or said other way round - the developers. 
> 
> I have to *strongly* disagree.
> While you're right that it's the code that's insecure, not the language 
> per se, a language design can encourage or discourage secure code. And 
> in this respect, PHP is quite far on the insecure side.

When coding web applications the most common errors are not checking
received input, creating insecure SQL queries and sending raw data back
to the browser. It's the developer's task to make sure those cannot be
exploited in any language.

> PHP also has a long history of bad design decisions. The various 
> magic_quotes directives in php.ini really stink - they can't be switched 
> off from PHP, there's no way to undo their effects where you need it, 
> and they don't do the job properly - they actually managed to cover all 
> possible serious design errors for a quoting mechanism in a single grand 
> misdecision.

I have to say that I'd have been glad if they simply reverted those
while introducing the superglobals. But it is possible to revert those
in a script - in fact I'm using a small snippet in most of my scripts to
do so.

Anyway - back from language flame wars to "Selecting a Wiki engine".
:)

     Balu



