sitepoint.com — Many of the PHP features can lead a programmer inadvertently to allow security holes to creep into a Web application. The popular security mailing lists teem with notes of flaws identified in PHP applications, but PHP can be as secure as any other language once you understand the basic types of flaws PHP applications tend to exhibit.
Dec 21, 2005
nouse66 Dec 21, 2005
Who the hell uses the exec() function in a web-app anyway? I can understand using it in a shell script type of environment... but on the web? Why???
pyrolupus Dec 21, 2005
ASP.Net does run on Linux (http://www.mono-project.com/Main_Page). I actually use--and love--both.
pyrolupus Dec 21, 2005
I was ambiguous, sorry: I meant that I love both PHP and ASP.Net
jo42 Dec 21, 2005
> ASP.NET
For religious reasons, Microsoft products are forbidden here. Besides, if I cobble up stuff in PHP, I can run it on FreeBSD, Linux, Solaris and (gack! foo!) Windows. If I kludge stuff in ASP.NET, I am forever tied to the infidel Microsoft.
bluparadox Dec 21, 2005
"Sure, and how do we do that on our large enterprise class Sun boxes? Or our HPUX servers, or our departmental linux boxes?"
Microsoft does have a whole line of enterprise level server products... They cost money, but you can make the case that they actually make sense if you look at total cost of ownership. One of the major reasons large sites (amazon/google, etc) are often based on php has to do with the fact that linux and open source in general give you flexibility to recode parts of things to make them faster for your specific purpose, this means that on a very large scale open source can be more efficient. Being free helps, but it isn't enough by itself. I'd say that basically windows makes sense for the lower level enterprise market. Very high or low bandwidth sites are owned by open source (microsoft's fees are too great for smaller sites, and not enough flexibility for the very large ones). You probably have something like this: blogs (linux) -> ford.com (windows) -> amazon.com (linux). There is no one size fits all solution.
bmcnitt Dec 21, 2005
Agree that most all of these concepts apply to web application development in any language. (Because of its popularity, "PHP" is starting to become synonymous with web scripting in general -- kind of like "Kleenex" to facial tissues and "Xerox" to copy machines. I have had clients ask if I could program a "PHP" page for them not really understanding that PHP was a specific language. To them, PHP meant "web application".)
Brian
http://brianmcnitt.com
kdehead Dec 22, 2005
essential reading for anyone beginning to program in PHP - you really should know these things. dugg.
n3ldan Dec 26, 2005
mcarolan said "True, PHP does suck. But cf sucks even more. ASP.NET is the way forward" hahahahaha good one