Re: [Nagios-devel] Searching for a proper nagios replacement
Posted: Thu Aug 13, 2009 10:30 am
Alexander Wirt wrote:
> Andreas Ericsson schrieb am Thursday, den 13. August 2009:
>
> Hi,
>
>>> now with the release of 3.2.0 and the stupiest decision ever - the move to a
>>> php frontend - I'm looking for a replacement.
>>>
>>> It should be:
>>>
>>> - compatible with nagios plugins
>> That would be Big Brother then, I guess.
>>
>>> - developed with security in mind. (yes that means no php)
>>>
>> Do you really think that coding web-applications in C is more secure than
>> writing them in PHP? What do you base that assumption on?
> The horrible history of php itself.
The horrible history of php, or the horrible history of php applications?
> The language is bad designed
This is an objective opinion. Please keep them away from serious technical
discussions.
> and the
> interpreter is full of bugs which leads to more security implications than
> most people could imagine. History also shows that the php devs are not able
> to handle their own bugs nor do they proper security management. After the
> last 2 breakins via php and php applications we decided to not use php
> anymore.
Via php or via php applications? If you consider the history of bugs in C
applications that lead to remote code exploitation, I think you'll find that
php is quite secure. Ofcourse, a lot more fledgling programmers write code
in php, and they do not always have a single clue about security concerns.
That doesn't mean it's impossible to write secure php applications. It just
means you have to vet those applications before you actually trust them with
sensitive data, just as you would with a C program.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> Andreas Ericsson schrieb am Thursday, den 13. August 2009:
>
> Hi,
>
>>> now with the release of 3.2.0 and the stupiest decision ever - the move to a
>>> php frontend - I'm looking for a replacement.
>>>
>>> It should be:
>>>
>>> - compatible with nagios plugins
>> That would be Big Brother then, I guess.
>>
>>> - developed with security in mind. (yes that means no php)
>>>
>> Do you really think that coding web-applications in C is more secure than
>> writing them in PHP? What do you base that assumption on?
> The horrible history of php itself.
The horrible history of php, or the horrible history of php applications?
> The language is bad designed
This is an objective opinion. Please keep them away from serious technical
discussions.
> and the
> interpreter is full of bugs which leads to more security implications than
> most people could imagine. History also shows that the php devs are not able
> to handle their own bugs nor do they proper security management. After the
> last 2 breakins via php and php applications we decided to not use php
> anymore.
Via php or via php applications? If you consider the history of bugs in C
applications that lead to remote code exploitation, I think you'll find that
php is quite secure. Ofcourse, a lot more fledgling programmers write code
in php, and they do not always have a single clue about security concerns.
That doesn't mean it's impossible to write secure php applications. It just
means you have to vet those applications before you actually trust them with
sensitive data, just as you would with a C program.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]