[nycbug-talk] Searching for suspect PHP files...

Andy Kosela akosela at andykosela.com
Tue Mar 3 16:06:04 EST 2009

"Hans Zaunere" <lists at zaunere.com> wrote:

> >     ak> php websites nowadays are number
> >     ak> one on the crackers' list.
> > 
> > yeah, to my memory, PHP has been a security disaster since revision 1
> > in the late 90's.
> > 
> > I'm not sure if it's the language itself, or the fact that it attracts
> > idiots like Visual BASIC.  I think it's the language itself.  I think
> > I'm becoming stupider by writing it.
> Sorry, I can't live with this one...
> http://www.nyphp.org/content/presentations/ 
> Search for Coding secure
> There's also a corresponding article coming out in April that provides a lot
> more detail.

I don't want to speak for Miles here, but I think he meant that PHP is
flawed by design, and not asking "how to write secure code".  It is so
easy to exploit PHP bugs, that even Visual BASIC "idiots" can do it.  It
has been increasingly harder to secure HTTP, as most of the successful
break-ins are done with the help of PHP.  And Miles remarked wisely that
this trend has been going for years.


More information about the talk mailing list