From: Neil Y. <ny...@as...> - 2007-09-26 13:49:58
Hello all - I've been lurking on this mailing list for several weeks, but that article irks me into the open.

I'm frustrated that he not only attacks PHP, open source and older languages using ASP.NET as the standard for good security. How can a security expert keep a straight face when starting a sentence with "Microsoft's mindset is to fix things..." .NET is just as likely to result in SQL injection in the hands of a novice as any other language.

I also am angered at his assertion that the latest batch of college educated developers will be better prepared to tackle the problem of SQL injection. Most programmers fresh out of college know little to nothing about real world problems like SQL injection, usually having barely mastered the basics of iteration and OO design.

Neil

----------
Neil Young
ASA Sales Systems

-----Original Message-----
From: chi...@li... [mailto:chi...@li...] On Behalf Of Kenneth Downs
Sent: Wednesday, September 26, 2007 5:55 AM
To: chiphpug-discuss
Subject: [chiPHPug-discuss] Not so subtle attack on PHP

*From: http://www.eweek.com/article2/0,1759,2188714,00.asp

Q: How can sites protect themselves against SQL injection?

A: *The best defense is to design your database-backed Web site properly to make sure it always separates SQL code and user data. You basically have a choice between programming tools that are specifically designed to prevent you from making this kind of mistake and those that allow you to get into trouble if you're not careful. Roughly speaking, this corresponds to the difference between the newer Microsoft .Net tools and their older tools or open source frameworks like PHP.

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010
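Added example, not part of the original thread or of the quoted article: the "separates SQL code and user data" distinction from the quoted answer, shown in PHP with PDO prepared statements next to string concatenation. The table, column and function names are hypothetical, the sample rows and inputs are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension; sample rows and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO members (name, email) VALUES
    ('alice', 'alice@example.org'), ('bob', 'bob@example.org')");

// Mixed: user data is pasted into the SQL text, so the database parses
// any quote characters in it as part of the statement itself.
function findMemberConcatenated(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM members WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Separated: the SQL text is fixed when it is prepared; the value is sent
// as a bound parameter and is only ever compared as data.
function findMemberPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name, one whose quotes change the WHERE
// clause when concatenated, and a legitimate name containing an apostrophe.
$inputs = ['alice', "nobody' OR '1'='1", "O'Brien"];

foreach ($inputs as $input) {
    try {
        $mixed = count(findMemberConcatenated($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The concatenated statement no longer parses as valid SQL.
        $mixed = 'SQL error';
    }
    $bound = count(findMemberPrepared($db, $input)) . ' row(s)';
    printf("%-20s concatenated: %-10s prepared: %s\n", $input, $mixed, $bound);
}
```

With the concatenated query, the second input matches every row and the third fails to parse; with the prepared statement both are treated as names that match nothing.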