SitePoint Sponsor

User Tag List

Page 2 of 4 FirstFirst 1234 LastLast
Results 26 to 50 of 90
  1. #26
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP is a popular product not aimed to be used only by the best and most experienced of programmers. That's what makes it so popular.

    Fortunately, as people gain more knowledge of PHP, they become more aware of its true power.

    1) We already have a secure language
    2) PHP was designed from the begining without magic quotes & register globals
    3) They aren't used anymore anyway, so we're left with no worries about that
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  2. #27
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Those who say that php is secure do not know about bugs in popular php scripts like phpbb or phpmyadmin.
    Almost every version of phpBB 2 had sql injection bugs.
    They could solve the problem only by rewriting phpBB 3
    I can say that phpBB team learned to program in php only after they released 3rd version of popular forum.
    If php was good language then most bugs were impossible.
    e.g. with prepared statements sql injections is much harder.
    If variables must initialized then then XSS is much harder to do.
    If language comes with good control based framework like asp.net then XSS is header to do.

  3. #28
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1) We already have a secure language
    can't agree

    How many banks use php for their Internet Banking ?
    Most of them use Java.

  4. #29
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Let me tell you something really important about coding PHP. I have an MCPD (enterprise) in Microsoft .NET so you can be sure I know my way around it, and still - whenever I code .NET I feel too much as if I'm following things by the book. PHP gives me freedom, it gives me power - and you know what comes with great power.

    phpBB developers were lazy and unresponsible in the past, that's why they had so many bugs, not because of PHP. You still have to validate input in .NET as well, you know!

    By the way - as of PHP 5.3 variables will have to be declared before any use.

    Either way, PHP is a language - just like C# if you so please. There are many frameworks for it, you can choose the one/s you like. PHP has the most innovative capable frameworks in the open source world.
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  5. #30
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Lol is it just me or is max7's statements becoming more and more...I cannot think of a word that doesn't sound rude...
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  6. #31
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by max7 View Post
    can't agree

    How many banks use php for their Internet Banking ?
    Most of them use Java.
    Mind if I ask for your age?
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  7. #32
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    Lol is it just me or is max7's statements becoming more and more...I cannot think of a word that doesn't sound rude...
    Pathetic in a very very sad way?
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  8. #33
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Agreed - but back on track as this guy needs to learn something about PHP.

    PHP is a language.

    PHPBB is a software made in PHP. Because of the bad coding of the first versions, they were buggy.

    You're basically saying that just because some people can't speak english properly that english is a bad language.

    Seriously, do some research into this. PHP is the most widely used internet programming language. I'm guessing you've only seen it used as a scripting language.

    Look at MVC, look at PHP's OOP capabilities. Look at how easily data is grabbed from a database in PHP - unrivalled anywhere.

    And for christ's sake grow up.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  9. #34
    SitePoint Guru dbevfat's Avatar
    Join Date
    Dec 2004
    Location
    ljubljana, slovenia
    Posts
    684
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by max7 View Post
    How many banks use php for their Internet Banking ?
    Most of them use Java.
    Well, that's another good principle put to use: use the right tool for the right job. PHP is as unfit for developing banking software, as Java is for rapid web development.

  10. #35
    SitePoint Evangelist ghurtado's Avatar
    Join Date
    Sep 2003
    Location
    Wixom, Michigan
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Max7, you are making an absolute fool out of yourself by proudly displaying your ignorance regarding PHP on this thread. You have made it very clear you have no clue when it comes to PHP or programming in general. I suggest you stop digging before you make it worse. There is not a single person on these forums who you can fool into thinking that you know what you are talking about.
    Garcia

  11. #36
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Both magic quotes & register globals are deprecated and turned off in PHP5. They will be completely removed in PHP6. They are no longer an issue, so why fight about it?

    Anyone can find any application that was built insecurely. phpBB is a prime example of how NOT to build an application. So as others have already stated, the language isn't the problem, the programmer using it is. Security flaws are probably more commonplace in PHP applications than in other languages because of it's very low barrier to entry, and as a result PHP gained the perception of being inherently insecure. But no language can protect users from shooting themselves in the foot by using unfiltered, unescaped, raw POST data directly in queries - not even Java.

    Is C/C++ insecure because of the stack overflow and memory allocation problems with many of the applications that it's built with? Of course not - It's just easy for developers to make mistakes in that area with that language. Does the recent MSSQL Injection Attack affecting thousands of servers mean that MSSQL is inherently secure? Of course not. It just means the developers didn't limit the access permissions on the MSSQL user reading from that database. Yet you conclude that PHP is inherently insecure because of known problems with applications built with it. That's bad logic, and it doesn't flow. If it can be concluded that a language is inherently insecure because of any application built with it that has vulnerabilities, then every programming language in the world could be declared insecure - and yes, that includes Java (Have you ever read The Daily WTF?).

    So please, stop ranting and making yourself look like an ***. It's obvious to everyone reading this thread that you're just trolling and have no idea what you're talking about. Are you even a real programmer?

  12. #37
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can't agree with everyone

    What you will say If I am 13 years old?

    PHP is more then just language.

    PHP is insecure implementation of PHP language.
    PHP it self is buggy. You may see how often buffer overflow bug was fixed.
    In Java or managed .NET buffer overflow code injection is not possible.

    PHP is bad language. We are not talking about future versions. Right now millions of servers have what we have right now. We will even longer use old PHP software.

    Right now PHP help send spam, abuse hosting servers, steal credit card data.

    If PHP was correctly designed from beginning then we had a much better situation.

    Less fraud and more better web services.

  13. #38
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,804
    Mentioned
    157 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by max7 View Post
    What you will say If I am 13 years old?
    Believe you.


    Quote Originally Posted by max7 View Post
    PHP is more then just language.
    right so far.....

    Quote Originally Posted by max7 View Post
    PHP is insecure implementation of PHP language.
    That makes no sense.

    Quote Originally Posted by max7 View Post
    PHP it self is buggy. You may see how often buffer overflow bug was fixed.
    In Java or managed .NET buffer overflow code injection is not possible.
    Note the wording of your own sentence "You may see how often buffer overflow bug was fixed"
    [/quote]

    Quote Originally Posted by max7 View Post
    PHP is bad language. We are not talking about future versions. Right now millions of servers have what we have right now. We will even longer use old PHP software.

    Quote Originally Posted by max7 View Post
    Right now PHP help send spam, abuse hosting servers, steal credit card data.

    If PHP was correctly designed from beginning then we had a much better situation.

    Less fraud and more better web services.
    Wrong.
    People will always find a way to exploit whatever language is used to gain the advantage. ASP et al all have their exploits so blaming a language for a users stupidity is like blaming the car for crashing into the wall. The car didnt crash - the driver did.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  14. #39
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I blame guns when people get shot.
    I don't blame the people who pull the trigger.

  15. #40
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    That has nothing to do with PHP you do realize that don't you? I mean no one could be that stupid to think that PHP is the cause.
    Unfortunately, there are many people out there all too willing to spread this misconception. At one company I worked for, an outside SEO "expert" whose HTML skills were stuck in 1997 and who knew nothing about programming put a bug in my boss's ear that PHP was unreliable. And since she was the one who was driving traffic to the company Web sites, he was all too willing to take her word for anything, no matter how misinformed.

  16. #41
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    What you will say If I am 13 years old?
    I really wouldn't be suprised. You'd just happen to be a very severely misinformed 13 year old.

    PHP isn't the cause of all this b.s. you're talking about - the programmer is.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  17. #42
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may see how often buffer overflow bug was fixed
    Java verifies buffers. So you can't inject code with buffer overflow bug.
    It is good when bugs are fixed but it is much better when such bug is not possible.

    ASP
    ASP is not managed. It is like PHP and even more buggy.

  18. #43
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by max7 View Post
    Java verifies buffers. So you can't inject code with buffer overflow bug.
    It is good when bugs are fixed but it is much better when such bug is not possible.
    Java has no buffer overflows eh?
    http://www.securityfocus.com/bid/21675
    http://secunia.com/advisories/23757/
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  19. #44
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,804
    Mentioned
    157 Post(s)
    Tagged
    3 Thread(s)
    Although one thing we havent addressed in this thread as yet is your reason for the thread.

    Whats the point in the thread Max? Discussion? Derision? BS? Genuine dislike for PHP and all that it has done to improve websites, programming and bringing coding to a different level to a wider audience?

    Whats your point Max?
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  20. #45
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spikeZ View Post
    Although one thing we havent addressed in this thread as yet is your reason for the thread.

    Whats the point in the thread Max?
    Max didn't start the thread. He just changed the course.

  21. #46
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spikeZ View Post
    Although one thing we havent addressed in this thread as yet is your reason for the thread.

    Whats the point in the thread Max? Discussion? Derision? BS? Genuine dislike for PHP and all that it has done to improve websites, programming and bringing coding to a different level to a wider audience?

    Whats your point Max?
    The OP is blueyon, not max7. I don't sense that blueyon totally dislikes PHP, only certain aspects of it that he perceives as feature bloat.

  22. #47
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by max7 View Post
    What you will say If I am 13 years old?
    I definitely believe you here - I think that's the first correct statement you've made this entire thread.

    Quote Originally Posted by max7 View Post
    PHP is more then just language.

    PHP is insecure implementation of PHP language.
    What? ... How can a language be an insecure implementation of itself? PHP is written in C. So if PHP is insecure, following your logic, surely that means C is insecure because that's the tool Rasmus used when making PHP? Because obviously he would not have even been able to make PHP insecure if C wasn't insecure?

    Quote Originally Posted by max7 View Post
    Right now PHP help send spam, abuse hosting servers, steal credit card data.

    If PHP was correctly designed from beginning then we had a much better situation.

    Less fraud and more better web services.
    Right... and PHP should obviously attempt to detect what people are using it for, and make itself not work if people are trying to use it to send spam, abuse hosting servers, and steal credit card data. Everyone knows that malicious activities are never attempted with any other language, especially not Java.
    Last edited by r937; Sep 23, 2008 at 11:16. Reason: removed some disrespectful remarks

  23. #48
    SitePoint Addict
    Join Date
    Feb 2007
    Posts
    251
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is it just me or does everybody seem a bit touchy today?

  24. #49
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You completely do not understand what I say.

    There is language and there could be many implementations.

    e.g. Python (Python, JPython and IronPython),
    Ruby - Ruby, JRuby
    C++ - MS Visual C++, GCC, etc

    There were 5 implementations of PHP when I was looking for them 1 year ago.
    PHP and Quercus are most complete.
    Quercus is implementation of PHP.

    So PHP as language is the same as PHP as implementation of that language.
    I criticized both language and implementation.

  25. #50
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    There's one mainstream PHP version, and that's PHP 5. Quercus isn't a PHP implementation, its simply PHP but written in Java not C. It's far from mainstream.

    Critisise all you like, but it is a superiour programming language for web developers.

    Yes, it can be used to send spam. Heck, any programmer worth anything could write a spambot in Java, C#, PHP, ASP, ASP.NET, C, C++ - whatever languages they know. Once I had to do a test on one of my sites to see if it was really spam proof, and I used C# for that.
    A while after I had to do the same but with more complex coding - make it learn how to get the answer to maths questions and find which elements aren't visible etc, and it worked, I recoded it in Java (and that's why I continue to use Captcha).

    PHP could also be used.

    Stealing bank account details? Come on, that's not to do with PHP.

    Basically, PHP can do pretty much any web concept you want, unless it involves alot of interaction which is when you bring JS or even applets into it.

    It's not the tools made to create that concept you should blame, it's the concept itself.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •