Andreas Ericsson schrieb am Thursday, den 13. August 2009:
Him
> > Hi,
> >
> >>> now with the release of 3.2.0 and the stupiest decision ever - the move to a
> >>> php frontend - I'm looking for a replacement.
> >>>
> >>> It should be:
> >>>
> >>> - compatible with nagios plugins
> >> That would be Big Brother then, I guess.
> >>
> >>> - developed with security in mind. (yes that means no php)
> >>>
> >> Do you really think that coding web-applications in C is more secure than
> >> writing them in PHP? What do you base that assumption on?
> > The horrible history of php itself.
>
> The horrible history of php, or the horrible history of php applications?
In fact both.
>
> > The language is bad designed
>
> This is an objective opinion. Please keep them away from serious technical
> discussions.
Bad design leads to bad code. Which is an objective fact for many php
applications.
> > and the
> > interpreter is full of bugs which leads to more security implications than
> > most people could imagine. History also shows that the php devs are not able
> > to handle their own bugs nor do they proper security management. After the
> > last 2 breakins via php and php applications we decided to not use php
> > anymore.
>
> Via php or via php applications? If you consider the history of bugs in C
> applications that lead to remote code exploitation, I think you'll find that
> php is quite secure. Ofcourse, a lot more fledgling programmers write code
> in php, and they do not always have a single clue about security concerns.
> That doesn't mean it's impossible to write secure php applications. It just
> means you have to vet those applications before you actually trust them with
> sensitive data, just as you would with a C program.
One about a php application and one about php. In my experience neither
people developing in php nor people devoloping php have a single clue about
security.
Alex
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]