[ale] OT: Why Big Sites Run Drupal

mike at trausch.us
Fri May 4 09:55:06 EDT 2012


On 05/04/2012 09:35 AM, Lightner, Jeff wrote:
> You’re suggesting PHP = Pretty Horrible Privacy? 

That's not a bad way of putting it.

PHP has a very horrible history in terms of security, particularly in
the core interpreter but also in many of the libraries and applications
that have been written using it.

It would be safer and more secure to have a framework that would allow
you to embed C code in templates, and preprocess that to generate the
whole application.

Additionally, a large number of problems with PHP code are the result of
its very "helpful" type system, willing to convert nearly anything to
anything else on-the-fly, whether there is lossage of information or
not.  I don't particularly care for such semantics in a programming
language.  Python is worlds better in that it won't let you do
nonsensical things like:

Python 3.2.2 (default, Apr 21 2012, 02:26:03)
[GCC 4.6.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> "3" + 2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: Can't convert 'int' object to str implicitly
>>>

(Or, on Python 2):

Python 2.7.2 (default, Apr 21 2012, 01:50:43)
[GCC 4.6.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> "3" + 2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: cannot concatenate 'str' and 'int' objects
>>>

Still, though, Python is weak in that it only detects such things at
runtime, and I would argue that means that Python permits programmers to
code DoS right into an application.  But DoS is still better than
outright security vulnerabilities which result in database leakage,
memory leakage, and so forth.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”
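The "convert nearly anything to anything else" behaviour that the post describes, shown concretely. This is an added PHP example, not code from the original message or the thread; the `show` and `add` functions are constructed for illustration, and the comments state the PHP version the behaviour applies to (PHP 8.x, with the one pre-8.0 difference noted).

```php
<?php
declare(strict_types=1);

// Added example, not from the original post: what PHP's implicit type
// conversion does to arithmetic and comparison, and the two guards that
// stop the juggling, the identity operator (===) and strict_types.

function show(string $label, bool $result): void
{
    printf("%-28s %s\n", $label, $result ? 'true' : 'false');
}

// 1. Arithmetic: the expression Python rejects with a TypeError.
//    strict_types does not apply to operators, so this still evaluates.
var_dump("3" + 2);   // int(5): the string is silently parsed as a number

// 2. Loose equality (==) converts operands before comparing them.
show('"0e123" == "0e456"', "0e123" == "0e456"); // true: both numeric strings read as 0.0
show('"1e3" == "1000"',    "1e3" == "1000");    // true: numeric strings compare as numbers
show('"0" == false',       "0" == false);       // true: "0" is a falsy string
show('"" == null',         "" == null);         // true: null converts to ""
// "abc" == 0 was also true before PHP 8.0; 8.0 changed that one case to false.

// 3. Strict identity (===) compares type and value, so nothing is converted.
show('"0e123" === "0e456"', "0e123" === "0e456"); // false
show('"1e3" === "1000"',    "1e3" === "1000");    // false
show('"" === null',         "" === null);         // false

// 4. With strict_types=1, a typed parameter refuses the conversion rather
//    than guessing. Without the declare, add("3", 2) would quietly return 5.
function add(int $a, int $b): int
{
    return $a + $b;
}

try {
    var_dump(add("3", 2));
} catch (TypeError $e) {
    // Raised at runtime, like Python's error: the caller decides whether
    // this becomes a 400 response or an unhandled crash.
    echo 'TypeError: ', $e->getMessage(), "\n";
}
```

The two comparisons of numeric-looking strings are the ones that matter for security code: any check of the form `$stored == $supplied` on hashes, tokens or IDs is subject to the same conversion. Use `===` for those, and `hash_equals()` (strict and constant-time) for anything secret.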
