[ale] Well, this does nothing for the reputation of Linux

JD jdp at algoloma.com
Sun Jul 21 20:53:53 EDT 2013


On 07/21/2013 06:03 PM, Alex Carver wrote:
> On 7/21/2013 14:05, Jim Kinney wrote:
>> FACEBOOK IS SECURE?!?!?!?! when did that happen?
>>
>> PHP, according to many security people far more knowledgeable than me,
>> continues to suffer from design flaws in the core. Now add in the rampant
>> proliferation of poorly coded add-ons and you get the mess that is PHP. It
>> makes Java look good.
>>
> 
> I'd actually like to see some site where the security issues of PHP are
> discussed.  Most of the things I've seen have to do with either old versions or
> various "core" modules that may or may not be used in particular scripts but I
> really do want to know what it is these security people find to be a problem
> (partly so I can verify my own installations and ensure there's no major issue).
> 

Software security is hard.  I have doubts that any non-expert can secure any
language enough to put code on the internet.  There are many books, tutorials,
best practices and groups trying to improve the security of software. The best
group trying to create secure websites and web-apps seems to be the OWASP groups.
* https://www.owasp.org/index.php/How_to_write_insecure_code
* https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
but there are many others, usually aligned with each language.  I know the Perl
guys take security very seriously and have since the mid-90s, if not the beginning.

I know a few professional PHP programmers and believe they are experts in the
language AND in creating secure code as well as possible with the tools allowed.
They've also been blindsided a few times when core libraries had poorly thought
out implementations or buggy code was released. That happens with many languages.


