Posted by Michael Fesser on 02/27/07 16:34

..oO(walterbyrd)

>I honestly don't know. But, I have seen articles and posts about how
>PHP is terribly insecure. I don't usually see comparisons to other
>common web languages.

You can write insecure and vulnerable code in every language.
A tool is just as good as the one who uses it.

>I think the big vulnerablity is supposed to be code injections.

There are many different kinds of injections (code, SQL, mail headers,
XSS ...). Some languages may have their own ways to handle some of them
(tainted variables, prepared statements ...), in others you have to make
your hands more dirty, but you always have to take them into account in
every language used for server-side programming.

>Another security issue would be having code stolen, but I think that
>PHP can be protected from that.

PHP is executed on the server. If someone is able to get the code then
you have another _real_ problem.

Micha

• Next in forum: Re: is PHP less secure than Perl, Python, or Ruby?
• Prev in forum: Re: Trouble passing mysql table name to php function and using it!
• Thread view: Re: is PHP less secure than Perl, Python, or Ruby?

[Reply to this message]