From: Kenneth D. <ke...@se...> - 2007-09-26 13:25:48
Yeah I guess to this choir member the next paragraph was worse :(

Hank Marquardt wrote:
> To be fair, the next q/a ... is more balanced, though depending on
> which choir you're preaching to it means different things ...
>
> Q: Are you saying that sites built with open source tools like PHP
> are more vulnerable to SQL injection attacks than sites built with .Net?
>
> A: It's a question of mentality. Microsoft's mindset is to fix things
> in such a way that the user doesn't have so much control and is
> therefore less vulnerable. The open source tools like PHP have a
> different philosophy. They assume that users know what they are doing
> and want to be free of constraints, so these tools let users do what
> they want but at their own risk. The open source tools assume that
> developers these days are aware of the threat of SQL injection and
> will do the right thing.
>
> On 9/26/07, Kenneth Downs <ke...@se...> wrote:
>
> > From: http://www.eweek.com/article2/0,1759,2188714,00.asp
> >
> > Q: How can sites protect themselves against SQL injection?
> >
> > A: The best defense is to design your database-backed Web site properly
> > to make sure it always separates SQL code and user data. You basically
> > have a choice between programming tools that are specifically designed
> > to prevent you from making this kind of mistake and those that allow you
> > to get into trouble if you're not careful. Roughly speaking, this
> > corresponds to the difference between the newer Microsoft .Net tools and
> > their older tools or open source frameworks like PHP.

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010