http://blog.odynia.org/ .. en Serendipity 0.9.1 - http://www.s9y.org/ Wed, 28 Jun 2006 18:17:52 GMT http://blog.odynia.org/templates/wow/img/s9y_banner_small.png http://blog.odynia.org/ 100 21 http://blog.odynia.org/archives/17-PHP-Security.html PHP http://blog.odynia.org/archives/17-PHP-Security.html#comments http://blog.odynia.org/wfwcomment.php?cid=17 0 http://blog.odynia.org/rss.php?version=2.0&type=comments&cid=17 nospam@example.com (Robert Amos) <div>It seems that once again people are trying to spread Fear Uncertainty and Doubt (FUD) about the security of PHP. The article <a href="http://www.owasp.org/index.php/PHP_Top_5">http://www.owasp.org/index.php/PHP_Top_5</a> lists what they consider to be PHP security faults.</div> <br /> <div>This is simply not true. None of the faults listed here are actually PHP-specific. The items they list could occur on any programming language if the programmer was sufficiently inexperienced. Further, any and all of the faults have been made harder to access by recent versions of PHP.</div> <br /> <div>The article does make for a good read though, on some of the basic security practices you should undertake on any language, and would likely have been well received if not worded in such a manner that it could be perceived as an attack <img src="http://blog.odynia.org/templates/wow/img/emoticons/smile.png" alt=":-)" style="display: inline; vertical-align: bottom;" class="emoticon" /></div> <Br /> <div>Remember though, a programming language is only as secure as the person using it. Read up on your security practices and you'll be right. Pay attention to security announcements, most major open source projects have them in an easy to access place, and always keep your software uptodate with patches!</div> <br /> <div>-bok</div> Thu, 29 Jun 2006 04:08:47 +1000 http://blog.odynia.org/archives/17-guid.html