[Cialug] URGENT! How to list all files new/modified last 24 hours
Nicolai
nicolai-cialug at chocolatine.org
Fri Oct 26 13:36:23 CDT 2012
On Fri, Oct 26, 2012 at 12:25:37PM -0500, Kenneth Younger wrote:
> PHP itself isn't inherently dangerous. Let's not spread some FUD, now.
It isn't FUD at all: PHP is an unmitigated security disaster. Here's a
page showing its percentage of security holes among all known:
http://www.coelho.net/php_cve.html
Ouch. Nothing else compares to that.
You can search for vulnerabilities here:
http://web.nvd.nist.gov/view/vuln/search
PHP: 20,480
Javascript: 847
Python: 142
Apache: 573
nginx: 12
publicfile: 0
MySQL: 364
PostgreSQL: 83
sqlite: 25
PHP dwarfs other software. There is just no comparison at all. If PHP
is considered secure, then nothing can be considered insecure.
Quoting an OpenBSD developer and Google Security Engineer:
"PHP is a domain-specific language for writing XSS and SQL
injection bugs." - Matthew Dempsky
There are alternatives to PHP, so its use is inappropriate at best.
Some would say it's criminally negligent, but I don't think in general
that software security laws should exist.
Nicolai