[Cialug] URGENT! How to list all files new/modified last 24 hours
David Champion
dchamp1337 at gmail.com
Fri Oct 26 14:27:18 CDT 2012
You can write Fortran in any language. Or... you can write insecure code in
any language.
Yes, a good framework will help. The stuff Josh mentions will help a lot.
Several years ago there were a lot of issues with VBScript / MS-SQL sites,
because the MS example code all had the SQL username as "sa" with no
password, and a bunch of people just left those as-is.
The main problem with PHP is that is a popular language, and easy to use,
so there is a lot of newbie code out there.
A few years ago I went to the SANS Institute PHP Security session. That was
the only class they offered that year, and there were only 4 people in
attendance. Pretty sad.
-dc
On Fri, Oct 26, 2012 at 2:07 PM, Paul Gray <gray at cs.uni.edu> wrote:
> On 10/26/2012 01:50 PM, jim kraai wrote:
>
>> The fact that engaging in that criminal negligence has fed my family and
>> many others over the years is irrelevant? ;-)
>>
>> It's an awful language, to be sure, but the amateur coders who have been
>> using it incorrectly and its popularity are to blame for the security
>> problems.
>>
>>
> Agreed - it's not entirely the language to blame.
>
> If it were just a language problem, then no one would be learning C/C++
> and everyone would be coding in Ada.
>
> Although we teach Ada here at UNI, I don't see C (nor php) going away any
> time soon.
>
> Like C, you can shoot your{self, server} in the {f,r}oot with php. The
> key is knowing how to, and then *not* doing that. PHP problems seem to
> arise from people not privy to the first part.
>
> --
> Paul Gray -o)
> 314 East Gym /\\
> University of Northern Iowa _\_V
> Message void if penguin violated ... Don't mess with the penguin
> No one ever says "Hey, I can't read that ASCII e-mail ya sent me."
>
> ______________________________**_________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/**listinfo/cialug<http://cialug.org/mailman/listinfo/cialug>
>
More information about the Cialug
mailing list