Date: Wed, 29 Dec 2004 09:30:34 -0500 (EST) From: "Jerry Bell" <jerry@syslog.org> To: "Sean Countryman" <sean@rackoperations.com> Cc: freebsd-security@freebsd.org Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10 Message-ID: <3741.209.134.164.137.1104330634.squirrel@209.134.164.137> In-Reply-To: <41D2BB75.7030607@rackoperations.com> References: <34657.24.230.37.14.1104187002.squirrel@24.230.37.14> <2990.24.98.86.57.1104197295.squirrel@24.98.86.57> <41D0C276.7080100@elischer.org> <xzpk6r1tdc2.fsf@dwp.des.no> <41D2BB75.7030607@rackoperations.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At the end of the day, PHP isn't really the problem. The problem is that people are not taking the time to learn how to code securely given the tool they are using. I do think that PHP has had the effect of lowering the bar on what it takes to be a "web programmer", though. Jerry http://www.syslog.org > You could also ask the wind to stop blowing... > > Like it or not, PHP is clearly a dominate language and is probably here > to stay for some time. It's definitely better than some other > alternatives (but I'll refrain from flames). > > Dag-Erling Smørgrav wrote: > >>Julian Elischer <julian@elischer.org> writes: >> >> >>>might be a good idea if we "urged" users to update their phpbb a bit >>>more vocally. >>> >>> >> >>...or we could urge them to stop using PHP at all. >> >>DES >> >> > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3741.209.134.164.137.1104330634.squirrel>