[Cialug] URGENT! How to list all files new/modified last 24 hours
Afan Pasalic
afan at afan.net
Fri Oct 26 14:22:41 CDT 2012
On 10/26/2012 1:50 PM, jim kraai wrote:
> The fact that engaging in that criminal negligence has fed my family and
> many others over the years is irrelevant? ;-)
>
> It's an awful language, to be sure, but the amateur coders who have been
> using it incorrectly and its popularity are to blame for the security
> problems.
Exactly what I was doing by keeping old code active and not updated. :-)
All my new websites are built in Drupal. Now is the best time to switch
old ones to Drupal too, or kill them completely.
:-)
>
> --jim
> On Oct 26, 2012 1:36 PM, "Nicolai" <nicolai-cialug at chocolatine.org> wrote:
>
>> On Fri, Oct 26, 2012 at 12:25:37PM -0500, Kenneth Younger wrote:
>>> PHP itself isn't inherently dangerous. Let's not spread some FUD, now.
>> It isn't FUD at all: PHP is an unmitigated security disaster. Here's a
>> page showing its percentage of security holes among all known:
>>
>> http://www.coelho.net/php_cve.html
>>
>> Ouch. Nothing else compares to that.
>>
>> You can search for vulnerabilities here:
>>
>> http://web.nvd.nist.gov/view/vuln/search
>>
>> PHP: 20,480
>> Javascript: 847
>> Python: 142
>> Apache: 573
>> nginx: 12
>> publicfile: 0
>> MySQL: 364
>> PostgreSQL: 83
>> sqlite: 25
>>
>> PHP dwarfs other software. There is just no comparison at all. If PHP
>> is considered secure, than nothing can be considered insecure.
>>
>> Quoting an OpenBSD developer and Google Security Engineer:
>>
>> "PHP is a domain-specific language for writing XSS and SQL
>> injection bugs." - Matthew Dempsky
>>
>> There are alternatives to PHP, so its use is inappropriate at best.
>> Some would say it's criminally negligent, but I don't think in general
>> that software security laws should exist.
>>
>> Nicolai
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list