PHP 5.2.2 and 4.4.7 Released

daeg writes "PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."

Tag this story "phpsucks" if you agree

[Andrew+Tanenbaum]

As the subject says, tag this story "phpsucks" if you agree. PHP is a notoriously insecure language, and its design philosophy from its "Personal Home Page" days still shines through, despite its later renaming.

Re:I want to see someone claim again

[nxtw]

If you tried using Mono/C# in a real world situation you'd find that it would be horrible because it would run as a CGI. The initialization for it would kill the server.

I don't think there's many high-perormance websites out there that work using forking (standard CGI). In fact, IIRC Mono doesn't even support working as CGI, and I'm pretty sure Java doesn't as well. They only support running via an external process server (much like Java), e.g. via FastCGI, local proxying, or a special webserver/process server interface. (I personally like this design much better than mod_php/mod_perl/mod_* or CGI for all but the most trivial of pages.)

It makes security easier and it means that you don't have to use the Apache prefork process model (if you use Apache).