From: Jason R. <ja...@ho...> - 2007-09-26 14:43:39
Indeed.. Although I do actually agree with some aspect of the ".NET shackles you, LAMP expects that you know what you're doing" sentiment. I don't think .NET helps with SQL injection attacks specifically, however, but MS approaches in general tend to be "proscribed or impossible". I would not say, however, that this has had any positive impact on security.

I am also continually frustrated with the poor quality of code I come across in lots of areas. I don't think "kids these days" are any better prepared for the realities of multi-system, multi-component architectures than they were at any other point in recent years.

I will say that PHP, Perl and Python are all powerful languages. And with great power comes great sharp, pointy edges and lots and lots of rope. But I am fond of rope..

Neil Young wrote:
> Hello all - I've been lurking on this mailing list for several weeks, but
> that article irks me into the open.
>
> I'm frustrated that he not only attacks PHP, open source and older languages
> using ASP.NET as the standard for good security. How can a security expert
> keep a straight face when starting a sentence with "Microsoft's mindset is
> to fix things..." .NET is just as likely to result in SQL injection in the
> hands of a novice as any other language.
>
> I also am angered at his assertion that the latest batch of college educated
> developers will be better prepared to tackle the problem of SQL injection.
> Most programmers fresh out of college know little to nothing about real
> world problems like SQL injection, usually having barely mastered the basics
> of iteration and OO design.
>
> Neil
>
> ----------
> Neil Young
> ASA Sales Systems
>
>
> -----Original Message-----
> From: chi...@li...
> [mailto:chi...@li...] On Behalf Of Kenneth
> Downs
> Sent: Wednesday, September 26, 2007 5:55 AM
> To: chiphpug-discuss
> Subject: [chiPHPug-discuss] Not so subtle attack on PHP
>
> *From: http://www.eweek.com/article2/0,1759,2188714,00.asp
>
> Q: How can sites protect themselves against SQL injection?
> A: *The best defense is to design your database-backed Web site properly
> to make sure it always separates SQL code and user data. You basically
> have a choice between programming tools that are specifically designed
> to prevent you from making this kind of mistake and those that allow you
> to get into trouble if you're not careful. Roughly speaking, this
> corresponds to the difference between the newer Microsoft .Net tools and
> their older tools or open source frameworks like PHP.