[ale] Seven Deadly Sins - PHP

George Carless kafka at antichri.st
Tue Jun 10 21:23:40 EDT 2003


A few thoughts.  And note that I am a PHP programmer.

>The PHP part in "Deadly sin No. 4" caught my attention:
>
>"On Toxen's "don'ts" list: Don't use PHP, even though it's convenient."
>
>I've read this list long enough to recognize that Bob Toxen is a pro's
>pro, and when I see statements like that coming from him, I get
>paranoid. I'm a Solaris SA responsible for several webservers, and not
>a programmer by any stretch, but we've web developers that seem to be
>embracing PHP with unbridled passion. As such, I'm beginning to feel
>like I'm sitting on the systems sidelines wondering what the heck is
>going on here? What is its utility (or fascination?) that seems to make
>this the web dev tool of the year? Questions:
>
>1). is PHP just bad programming practice in general? (and if so, what
>could or should be used instead?)

I don't think so.  It has some holes, but they tend to be spotted and 
addressed fairly quickly.  Is the same true of, oh, VBScript on top of ASP, 
or ColdFusion, or JSP, or even the likes of Perl?  I'd say that there're 
always ways of shooting yourself in the foot, of doing things badly.  I 
don't think PHP really makes it especially more difficult, either: CGI 
opens up its own set of problems, for example, and while PHP certainly 
*has* left things open in the past, it's a young language which gets 
updated quickly.  And has many eyes upon it.

>2). what kinds of admin headaches am I opening myself up for, anyway?

This really depends upon how you have things set up.  Set PHP up properly, 
with things turned off that need to be turned off, and with a careful eye 
on file permissions

>3). related... what should I be looking for in system and web portal
>logs, especially in terms of attacks?
>
>I guess what I need is a good primer on this stuff, like a 'What Every
>SA Must Know About PHP', if you will.
>
>4). any recommendations for a quick, yet thorough, PHP read?
>
>I've also become acutely aware as of late that this stuff seems to be
>very buggy in general, and seems to also be causing headaches for the
>developers in no predictable manner. In short, it likes to crash, and
>I'm being enlisted more and more to assist in running Solaris
>diagnostics on this stuff (for what good it seems to be doing so far),
>and in playing with ulimits, and frankly, I don't think anyone has a
>clue (and I know I don't).
>
>5). soliciting anybody else's experience(s)?
>6). open for anything else....
>
>I've been to the PHP website also. The issues people are having with
>this are just short of stunning.
>
>Thanks.
>fgz
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
