  1. #1
    REMIYA (SitePoint Wizard)

    Is PHP prone to vulnerabilities?

    Look at these 3 URLs:

    PHP
    http://osvdb.org/searchdb.php?action...&Search=Search

    Python
    http://osvdb.org/searchdb.php?action...&Search=Search

    Ruby
    http://osvdb.org/searchdb.php?action...&Search=Search

    In short:
    230 pages of PHP vulnerabilities compared to 25 Python vulnerabilities and 17 Ruby vulnerabilities

    Does it mean PHP is more prone to vulnerabilities?

  2. #2
    praetor (SitePoint Evangelist)
    Those aren't PHP vulnerabilities, but application ones.

  3. #3
    Almost all of those vulnerabilities are caused by bad programming, not the PHP language or runtime itself. What insecurities there are in PHP itself are rarely exploitable through the browser.

    One reason the PHP list is so much longer is because many more commonly-used applications are written in PHP than Python or Ruby.

  4. #4
    I have to agree that vulnerabilities are normally properties of bad coding, and not of a programming language.

    If you take into account that a huge percentage of PHP users don't know the difference between a markup language and a programming language, it's no wonder that there are so many poorly coded PHP applications.

  5. #5
    Originally posted by jestep:
    > I have to agree that vulnerabilities are normally properties of bad coding, and not of a programming language.
    >
    > If you take into account that a huge percentage of php users don't know the difference between a markup language and a programming language, it's no wonder that there are so many poorly coded php applications.

    Or the number of times I've had the following conversation..
    Them: "Why don't my scripts work when I moved servers?"
    Me: "Check your register_globals setting"
    Them: "What's that?"

    Ugh..