Menu
▾
▴
Re: [chiPHPug-discuss] Not so subtle attack on PHP
|
From: Hank M. <hma...@gm...> - 2007-09-26 13:22:56
|
To be fair, the next q/a ... is more balanced, though depending on which choir you're preaching to it means different things ... *Q: Are you saying that sites built with open source tools like PHP are more vulnerable to SQL injection attacks than sites built with .Net? A: *It's a question of mentality. Microsoft's mindset is to fix things in such a way that the user doesn't have so much control and is therefore less vulnerable. The open source tools like PHP have a different philosophy. They assume that users know what they are doing and want to be free of constraints, so these tools let users do what they want but at their own risk. The open source tools assume that developers these days are aware of the threat of SQL injection and will do the right thing. On 9/26/07, Kenneth Downs <ke...@se...> wrote: > > *From: http://www.eweek.com/article2/0,1759,2188714,00.asp > > Q: How can sites protect themselves against SQL injection? > A: *The best defense is to design your database-backed Web site properly > to make sure it always separates SQL code and user data. You basically > have a choice between programming tools that are specifically designed > to prevent you from making this kind of mistake and those that allow you > to get into trouble if you're not careful. Roughly speaking, this > corresponds to the difference between the newer Microsoft .Net tools and > their older tools or open source frameworks like PHP. > > -- > Kenneth Downs > Secure Data Software, Inc. > www.secdat.com www.andromeda-project.org > 631-689-7200 Fax: 631-689-0527 > cell: 631-379-0010 > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > chiPHPug-discuss mailing list > chi...@li... > https://lists.sourceforge.net/lists/listinfo/chiphpug-discuss > |
