Slashdot Mirror


User: CyricZ

CyricZ's activity in the archive.

Stories: 0
Comments: 2,371

Comments · 2,371

  1. An anti-PHP/anti-ASP coalition. on PHP 5 Recipes · · Score: 1, Insightful

    An anti-PHP/anti-ASP coalition would be even better than separate anti-PHP and anti-ASP coalitions.

    Either way, the fact remains that insecure, faulty systems are used far too often for web development. The best thing that can be done at this point is to raise awareness as to the flaws and problems associated with such systems. That may be the most effective way to eradicate their use, thus providing a far more secure Internet.

  2. Re:Catalyst on PHP 5 Recipes · · Score: 1

    Writing an article may help with that.

    If you can present a good case why people should move away from PHP towards alternative systems, then it might lead to some other distributions including far superior systems. Indeed, the best way to get this sort of a change is to raise awareness, and a well-publicized article may just do the trick.

    I would imagine that there is a big enough community of serious web developers who are fed up with the insecurity and lack of quality that PHP poses. They might be able to offer the clout necessary to get PHP removed from mainstream distributions, and better alternatives added in its place.

  3. Re:May I sugest a great PHP tutorial? on PHP 5 Recipes · · Score: 2, Insightful

    How recently have his articles been updated? Indeed, there have been some preliminary security developments within the past four years.

    Nothing could be worse than a new PHP user learning PHP from outdated tutorials which fail to show the proper techniques necessary for building solid, secure and trusted web applications.

  4. Re:PHP isn't difficult to learn. on Ajax Sucks Most of the Time · · Score: 1

    The Hardened-PHP project is one place to look.

    Of course, the best option for serious work is to probably just avoid PHP, and stick with solutions that have proven themselves to be well-designed and far more secure.

  5. A lack of security-wise individuals. on PHP 5 Recipes · · Score: -1, Troll

    That's the problem: there are very few in the PHP community who have the security knowledge and background to pass good advice and technique on to others.

    What happens is that a developer with such background evaluates PHP, and sees that it is completely lacking with respect to security. Of course, such a developer does not use PHP for any serious project, and does not get involved with the PHP community. And this lack of involvement of trained or experienced individuals results in the ignorant trying to teach the ignorant. That leads to the massive and numerous security problems which plague PHP and much of the software developed with it.

  6. Re:Does the book also cover the fact on PHP 5 Recipes · · Score: 2, Interesting

    PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

    Indeed. A truer statement has rarely been stated.

    From an engineering standpoint, PHP is abysmal. Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

    The Hardened-PHP project is a perfect example of what is wrong with PHP. It's not that the Hardened-PHP project itself is bad (it's a very good thing!). The problem is that the core PHP developers have not taken such basic security concerns into consideration. The fact that they have to rely on a third party to provide such integral and necessary functionality is a very bad sign.

  7. An anti-PHP coalition? on PHP 5 Recipes · · Score: -1, Flamebait

    Does anyone know if an anti-PHP coalition has been formed? What I envision is an organization of web developers who take time to point out the numerous flaws of PHP, and software written using PHP. They could even lobby distributions to not include PHP, due to the many security problems it poses.

    Such a group could also give more useful reviews of books such as this. They could rate them with regards to their focus on security and writing quality code, for instance. It would also be beneficial if the group performed audits of various applications built using PHP, and put out notices suggesting which ones to avoid.

  8. More of a community attitude issue. on PHP 5 Recipes · · Score: -1, Troll

    It may also be that security doesn't play a prominent role in the PHP community. The emphasis is more on developing solutions quickly, that appear to give the desired results. But it is ignored that such systems are often vulnerable in numerous, very obvious ways. No system will ever be completely secure, but the attitude in the PHP community would appear to be one where security is considered to be of little consequence. The numerous security issues found in PHP and various applications built using PHP would appear to back up this fact.

    Of course, anybody who has designed any serious web applications knows that security is paramount. The integrity of one's data is an utmost concern.

    Now, writing secure code isn't always an easy task. But that's no reason for the majority of PHP users to remain ignorant of even the most basic techniques.

  9. Re:Does it tell you how to upgrade PHP? on PHP 5 Recipes · · Score: 0, Flamebait

    Perhaps the constant vulnerability issues with PHP, and also with the many applications built upon it, should tell you that it's not a suitable option for serious work.

    For smaller sites, there are Ruby and Python-based solutions that often work far better, and are far more secure.

    And the options for larger scale development are quite well known, as well.

  10. Does it delve into SQL? on PHP 5 Recipes · · Score: 2, Insightful

    Many PHP books I've seen often include an SQL tutorial. Due to space constraints, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.

    I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.

    Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?

  11. What about security? on PHP 5 Recipes · · Score: 3, Insightful

    Do the examples show how to write solid, secure code?

    Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.

    So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.

  12. Re:Not everything is a "war". on New Worm Chats with Users on AIM · · Score: 1

    Indeed, you did lose this debate, and I proved to be the victor.

  13. PHP isn't difficult to learn. on Ajax Sucks Most of the Time · · Score: -1, Troll

    The problem with PHP isn't that it's difficult to learn. The main problem is that it's far too easy to misuse. That stems from the fact that until recently, there was very little focus on making it a truly secure system.

    Indeed, we often see cases of developers without much experience developing systems which succumb to various PHP-related flaws. Their solution works in the sense that it displays the proper output, yet fails horribly in that malicious users can often modify database data, if not outright modify the system itself.

  14. Re:Not everything is a "war". on New Worm Chats with Users on AIM · · Score: 1

    You do realize that humour requires something to be funny, correct? That simple requirement was clearly not present in any form in the post I replied to.

  15. Re:I Remember The Old Days on New Worm Chats with Users on AIM · · Score: 1

    A responsible computer user would have taken precautions to protect themselves. They would have installed anti-virus software, for instance. Or if they're truly wise, they run an operating system such as OpenBSD, which promotes secure computing. They do not use AIM, as well.

    As for my house, I have taken similar precautions. I have an alarm system. My expensive items are tagged. I have several dogs. I have solid doors, good windows, and quality locks. I have a tall fence around my yard. I watch my neighbors' homes for suspicious activity, and they watch ours. While my house is not a fortress, the precautions I have taken would make it quite difficult for you to steal my stereo.

    So what happens is that it becomes a null issue. You can't break into my house, so you can't steal my stereo, and thus you cannot commit the maliciousness you intended.

  16. Re:Not everything is a "war". on New Worm Chats with Users on AIM · · Score: 1

    No, you didn't witness it. Most Americans were sitting at home during the World Wars.

    As for Pearl Harbor, that's somewhat closer to war. But remember, that was one incident on one day. And that wasn't even anywhere near the mainland USA. And not only that, but it was a military installation!

    It's obvious you don't know my age, or the fact that I'm British. For your information, I was born in 1936, and experienced the Blitz firsthand, until I was moved to the countryside.

    I don't know if they teach you about such things in your history classes over in America these days, but the Blitz is where Germany bombed London and other English cities for months on end. Over forty thousand dead, if I'm not mistaken. And even that paled in comparison to what cities like Dresden, Stalingrad, and Hiroshima faced.

    I don't care if your media labels such things as being "wars". Any responsible and intelligent American will never refer to such minor inconveniences as "war".

  17. Re:Give those with low IQ jobs. on Gene Found That May Affect IQ in Males · · Score: 1

    No, I'm completely correct.

    Why is that? Because this is not, as you put it, a "superfluous system". It has a very practical and effective purpose.

    A conservative (one who claims to be a Republican, if you will) would most often not realize that, and would thus be against such a system. A libertarian, on the other hand, has considered the situation and realizes that there is a benefit, and said benefit far outweighs the costs.

  18. Re:I Remember The Old Days on New Worm Chats with Users on AIM · · Score: 1

    Jails should be for those who have committed serious crimes. People who have raped and murdered, for instance. Like it or not, sending you a virus or some spam isn't an overly serious crime. Sure, you might be out some money and time, but overall you're unharmed. Not to mention the fact that they're both situations which are very, very easily avoided.

    If you get fooled by something like this, then take it as a lesson. Learn to be more careful in the future. Don't necessarily accept files from people, even if you know them. Better yet, don't use such communication systems if you care about the security of your system. And then there are hundreds of other ways to ensure a secure network or computer system.

    The same goes for spam. It can be filtered out fairly effectively. You can always use junk addresses for public use. A little common sense and care goes a long way towards completely eliminating spam from your inboxes.

    It's far more effective to be aware, and to take precautions, than to throw such people in jail. Simply knowing how to deal with such things properly can save much money. Not just because your systems remain secure and safe, but also because you don't have to pay more in taxes to send and keep those who create/send viruses and spam in jail.

  19. Re:The one I got is much worse.. on New Worm Chats with Users on AIM · · Score: 2, Funny

    It's called W32.Girlfriend.M and not only does it talk, it won't shut the hell up!

    Your mother is not your girlfriend. And when she tells you to shave your beard, to stop eating so many Fritos, and to get a job, you should listen to her!

  20. Not everything is a "war". on New Worm Chats with Users on AIM · · Score: -1, Flamebait

    I'm not sure why Americans see fit to label nearly every struggle a "war". There is the "War" on Drugs, "War" on Terror, and now this "War" on Stupidity that you're babbling about.

    Perhaps it is because you have not experienced true war, as much of Europe and the rest of the world has. Sure, you can talk about the American Civil War, but that conflict pales in comparison to the real conflict that Europe witnessed during the first half of the 20th century.

  21. Re:say goodbye.... on New Worm Chats with Users on AIM · · Score: 1

    Rumour has it that they've moved on from AOL IM to MySpace and GameFAQs. That can be corroborated by examining the pervasive idiocy at such places.

  22. Who funded this research? on Gene Found That May Affect IQ in Males · · Score: 2, Insightful

    Does anyone have any information regarding who funded this research?

  23. Re:Genes (sp?) Jeans. on Gene Found That May Affect IQ in Males · · Score: 1

    Women have always told me that my brain is in my Jeans.

    Why do you keep your brain shoved up your asshole?

  24. Give those with low IQ jobs. on Gene Found That May Affect IQ in Males · · Score: 3, Insightful

    Do you know what the bad ones who get "weeded out" under such a system do when they can't find a job? They steal your car and sell cocaine in order to get by.

    Even the strictest of libertarians will agree that it's better to have a system in place that gives such people something productive to do. Sure, they don't have the IQ to design bridges or perhaps even to work a cash register. Nevertheless, society as a whole is better off if there are opportunities available to those who cannot compete in the job market based on their (lack of) intelligence.

    You can often employ several such people doing various tasks for the cost of one more police officer. It's better to keep them out of a life of crime than it is to "let nature take its course".

  25. Re:In other news... on Gene Found That May Affect IQ in Males · · Score: 1

    Or perhaps it's time to use a better browser. Konqueror and Opera both render that site just fine.