PHP 5.2.2 and 4.4.7 Released
daeg writes "PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."
go outside virgins
Oh please, fix that stupid borken mail() function.
From working with Special Olympics, I've learned one important lesson: sometimes the only way to protect a retard from cracking his own skull open is to strap a crash helmet to the fucker's head, even if he doesn't like it. Therefore, this is how we roll in our php.ini:
disable_functions = mail
I wish I could just disable the whole steaming pile of PHP crapitude, but the whining would drown out my iPod.
What is it about PHP that attracts vegetard newbies, like flies to shit?
LOL I just learnt PHP I AM TEH PROGRAMER!!!!11 OH SNAP, WHAT IS THIS "SEKURITY"? THE APP WORKS 4 ME LOL!
As the subject says, tag this story "phpsucks" if you agree. PHP is a notoriously insecure language, and its design philosophy from its "Personal Home Page" days still shines through, despite its later renaming.
http://use.perl.org/
PHP is just some hyped, misdesigned, inconsistent, unproductive kinda tool.
I don't think there are many high-performance websites out there that work using forking (standard CGI). In fact, IIRC Mono doesn't even support working as CGI, and I'm pretty sure Java doesn't as well. They only support running via an external process server (much like Java), e.g. via FastCGI, local proxying, or a special webserver/process server interface. (I personally like this design much better than mod_php/mod_perl/mod_* or CGI for all but the most trivial of pages.)
It makes security easier and it means that you don't have to use the Apache prefork process model (if you use Apache).