The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I've just compiled a page of links for a political site I have been working on, in all there are over 800 of them on this page...
Out of this 800+ there are:
200 using ASP and 1 using PHP! That's right... 1...
Now all of these are large global sites of major status, so if PHP is that amazing, how come only one of them uses it?
Turbonutter wrote:
> Think of it this way: How many Apache-attacking viri are > there compared to IIS-attacking viri? Also, why is there
> only one (reletively minor) Linux-attacking virus and
> millions of Windows-attacking ones?
Viri that we know of! I have said before that MS gets more publicity when their stuff gets attacked, I can't remember the last time I saw a specific report on a UNIX virus.
Not only that, once a UNIX system has been infiltrated, there are shed loads of scripts out there for script kiddies to install and do some more damage with.
Also, think of it this way. One of the reasons MS systems are such a target is because they are realtively easy to use, *NIX on the other hand, is a lot harder, so less people can be arsed trying. If your *NIX system was as easy to use and had as much market penetration as MS systems you would see more people trying to break it, hack it, crack it, phreak it, whatever.
The MS Vs *nix argument is like saying "if you drive a red car, you are more likely to have an accident..." but neglecting to mention that there are physically more red cars on the road than any other colour, so of course more red cars are invoved in accidents.
> PHP is a little different though. Because you write
> it yourself, it's only as secure as the script you write.
At least this bit makes sense. Same goes for system admin though, if you change passwords and scan for viruses and back-up regularly, no matter what happens, you won't be too hard hit when the worst case scenario comes home to roost.
> The same goes for ASP. However, PHP has less HOLES than
> ASP does.
Should read "PHP has less publicsed holes than ASP" dammit. We all know that both PHP and ASP scripts can be broken, but like you say, it depends how they have been written.
`ls $foo`;
?>
Then that's utterly, utterly stupid. That doesn't make PHP less secure though. However, if I put:
$foo = escapeshellcommands($foo) // I think that's the function
`ls $foo`
?>
It would be perfectly secure. Of course, if you put...
`$foo`;
?>
...you deserve to have something very nasty done to your system. The same applies to everything.
> That report applies to anything. ANY script, written in PHP, ASP, Perl or fish++
> is only as secure as you write it.
The report never claimed that the flaws didn't apply to other languages (although some of them don't btw). What it is saying is that PHP's nature makes it very easy to overlook them and more difficult to protect against them especially in the default config.
> The report never claimed that the flaws didn't apply to other languages (although some of them don't btw). What it is saying is that PHP's nature makes it very easy to overlook them and more difficult to protect against them especially in the default config.
Don't go upsetting Rob now... He's the GOD of PHP!:-)