  1. #51
    SitePoint Member Renard Urbain's Avatar
    Quote Originally Posted by max7
    C++ - MS Visual C++, GCC, etc
    So far I see 2 compilers. One used mostly for the Windows environment. GCC is *mostly* for the *nix environment.

    In any way possible, can you actually provide any kind of concrete proof that PHP itself is the cause of the security/bug problems? Because following your way of thinking I could say that Python is insecure because Django can have security fixes. But you know Python is quite widespread in almost every Google application.

    (By the way, a bit off topic, but wasn't YouTube built using Python? They only expose Apache though.)

  2. #52
    SitePoint Zealot
    You do not understand me when I say that PHP is used to send spam.

    Of course you can send spam in other languages.
    But a spammer can't say, "Sell me a server, I will send spam."

    Spammers hack a server and then they send spam.
    Here comes buggy PHP.

    With PHP you get access to other user accounts on the server. You can upload shell code to send spam.

    Spamming is not as simple as writing spamming software.

  3. #53
    ¬.¬ shoooo... silver trophy logic_earth's Avatar
    Oh my this thread is becoming quite entertaining. Just watching max7 try and convince us just makes me laugh every time.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  4. #54
    SitePoint Member Renard Urbain's Avatar
    I did not understand everything you wrote, but from what I see you simply just roll on the same points over and over but you do not provide any real proof. Again, the problem here is the programmer, not the language itself.

  5. #55
    SitePoint Zealot
    I already told you about uninitialized variables, register_globals, magic_quotes.

    I do not wish to repeat. But I agree that we are starting a loop.

    ---

    Those 2 compilers are implementations of C++.
    PHP from php.net is an implementation of the PHP language.

  6. #56
    ¬.¬ shoooo... silver trophy logic_earth's Avatar
    Compilers: A compiler is a computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

    Compilers are not an implementation of any language.
    PHP is not an implementation of PHP because it cannot be an implementation of itself.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  7. #57
    SitePoint Member Renard Urbain's Avatar
    And you have been told too that it is already deprecated and removed as of PHP6; on top of that, you could easily code a secure application even with register_globals, you just had to initiate your variables. As simple as that.

    Code for some years with PHP and others (python/ruby [no frameworks!]/perl) and then come back and tell us of your experience. I'd be quite curious.

  8. #58
    SitePoint Zealot
    I will go and code in PHP a bit. I plan to stop posting on that thread, but without me it will die as nobody agrees with me.

  9. #59
    SitePoint Member Renard Urbain's Avatar
    Mind you, quite everybody got years behind themselves.

  10. #60
    We're from teh basements.
    Quote Originally Posted by logic_earth
    PHP is not an implementation of PHP because it cannot be an implementation of itself.
    Perhaps the self-referential acronym has him confused.

  11. #61
    SitePoint Addict
    It's a case of backwards compatibility. That's the kind of thing that leaves Windows slow in Vista, because it has a backlog of a decade or two of backwards compatibility.
    Imagine you have a company with 2000 computers and printers, running XP. Now do you want to have to upgrade to Vista and purchase 2000 new printers because of Microsoft? I think things shouldn't change so quickly anyway. Change too fast is what gets humans in too much trouble. You go out and purchase 2000 new printers with YOUR money, repeat YOUR money, and I bet you won't be so fast to want Vista or software re-writes. By the way, the best upgrade to Vista is XP Service Pack 3.

  12. #62
    SitePoint Zealot
    Why not Ubuntu?

  13. #63
    SitePoint Member Renard Urbain's Avatar
    Let's reverse: why Ubuntu? Don't forget, it's not only developers that are working in enterprises. There are also computer-illiterate users that have a hard enough time with Windows.

  14. #64
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    @Max: Because Windows is a secure platform ideal for business - that's why.

    Jim, I agree. However, it all builds up and gets slower and bulkier - like a snowball falling down a hill of snow.

    To be honest I couldn't care less if my computer couldn't run a program built for Win 2k.

    Drivers - that's fair enough.

    But I think it's about time MS started fresh. Don't you?
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded"-Molona

  15. #65
    We're from teh basements.
    Quote Originally Posted by arkinstall
    But I think it's about time MS started fresh. Don't you?
    I've heard rumors that that's what they intend to do after Vista. Can anyone confirm this?

  16. #66
    PHP/Rails Developer Czaries's Avatar
    Quote Originally Posted by jim9
    Imagine you have a company with 2000 computers and printers, running XP. Now do you want to have to upgrade to Vista and purchase 2000 new printers because of Microsoft? I think things shouldn't change so quickly anyway. Change too fast is what gets humans in too much trouble. You go out and purchase 2000 new printers with YOUR money, repeat YOUR money, and I bet you won't be so fast to want Vista or software re-writes. By the way, the best upgrade to Vista is XP Service Pack 3.
    Ummm.... This isn't a Vista/XP thread... The Vista reference was purely used to point out why the current deluge of functions still exists in updated versions of PHP - they can't take them out or do a massive renaming without forking the project, because they have to be backwards compatible with previous versions for the scripts that were built for them.

    Quote:
    With PHP you get access to other user accounts on the server. You can upload shell code to send spam.
    You say that like you get automatic free access to the server with PHP... Access to other folders depends entirely on the set folder permissions, which is a property of the folder that is set by Unix/Windows. PHP runs with a set user, and is restricted within a site's root folder with open_basedir set in Apache's virtual hosts file along with the entry for that domain. No shared hosting company I know of allows PHP access to any folder outside a user's own root directory. What hosts have you been using?

  17. #67
    SitePoint Zealot
    Quote Originally Posted by World Wide Weird
    I've heard rumors that that's what they intend to do after Vista. Can anyone confirm this?
    They have an experimental OS called Singularity.

    Singularity is written in a secure language called Sing#.

    Sing# is similar to managed C#.
    It has limitations similar to managed C#, but it compiles to native code.

    It makes it possible to create a microkernel OS with language protection instead of hardware memory protection.

    Such an OS should be fast and secure.

    There are also 2 open source OSes in Java.

    The next OS, Midori, might be based on Singularity.

  18. #68
    SitePoint Zealot
    Quote Originally Posted by Renard Urbain
    Let's reverse: why Ubuntu? Don't forget, it's not only developers that are working in enterprises. There are also computer-illiterate users that have a hard enough time with Windows.
    I advised Ubuntu as we were discussing PHP. I advise it to PHP lovers because many people do not like Vista for some reason.

    The biggest disadvantage of Ubuntu is the lack of games.

    PS I do not like Tux Racer and I do not like to run programs in Wine.

  19. #69
    SitePoint Zealot
    Quote:
    @Max: Because Windows is a secure platform ideal for business - that's why.
    Why do you say Windows is secure? I do not agree that it is ideal for business or anything else. It is known for its bugs.

    The bad Windows performance and stability is caused by many things, but one such thing is the Windows registry.

  20. #70
    SitePoint Zealot
    Quote:
    You say that like you get automatic free access to the server with PHP... Access to other folders depends entirely on the set folder permissions, which is a property of the folder that is set by Unix/Windows. PHP runs with a set user, and is restricted within a site's root folder with open_basedir set in Apache's virtual hosts file along with the entry for that domain. No shared hosting company I know of allows PHP access to any folder outside a user's own root directory. What hosts have you been using?
    I do not say every. I say 10% of accounts.

    PHP often runs as a "nobody" user.
    open_basedir is not able to limit modules properly.

    There are "scanners" (some are available in public) that you can upload to a host. They will find DB passwords, folders with 0777 permissions, etc.

    Some hosting permits PHP to execute commands.

    These commands have nobody user rights but do not have open_basedir limitations.

    There are techniques like scanning the /tmp folder and other folders.

    Linux has a user tmp folder module, but PHP runs as "nobody" and sessions are often shared. There are many other techniques.

    They are all based on bad PHP design concepts.

    DirectAdmin has a file with all domains, so it is easy to guess web roots.

    /home/$user/domains/$domain/www
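
Added example, not part of any post in this thread: the disagreement between posts #66 and #70 comes down to a handful of per-site settings a host can check, sketched here in Python as a small configuration audit. The directive names (open_basedir, disable_functions, session.save_path, upload_tmp_dir) are real PHP settings; the sample configurations, the account name alice, the domain example.test and the `audit_site` helper are assumptions constructed for illustration.

```python
import posixpath

# PHP functions that start OS processes; open_basedir does not confine those processes.
EXEC_FUNCS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
SHARED_DIRS = {"/tmp", "/var/tmp"}          # directories every tenant can reach
SHARED_USERS = {"nobody", "apache", "www-data"}

# Constructed samples (not from the thread); paths follow /home/$user/domains/$domain/www.
WEAK = "session.save_path = /tmp\n"
HARDENED = """\
open_basedir = /home/alice/domains/example.test/www:/home/alice/tmp
disable_functions = exec,system,passthru,shell_exec,popen,proc_open
session.save_path = /home/alice/tmp
upload_tmp_dir = /home/alice/tmp
"""

def parse_ini(text):
    """Parse php.ini-style 'key = value' lines; ';' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.split(";", 1)[0].partition("=")
        if sep:
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def inside(path, root):
    """True if path equals root or lies beneath it once '..' is resolved."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_site(ini_text, account_home, run_as):
    """Return findings for one site's effective PHP settings (Unix paths assumed)."""
    cfg, findings = parse_ini(ini_text), []
    basedirs = [d for d in cfg.get("open_basedir", "").split(":") if d]
    if not basedirs:
        findings.append("open_basedir is not set")
    findings += [f"open_basedir allows {d}, outside {account_home}"
                 for d in basedirs if not inside(d, account_home)]
    disabled = {f.strip() for f in cfg.get("disable_functions", "").split(",")}
    enabled = sorted(EXEC_FUNCS - disabled)
    if enabled:
        findings.append("command execution enabled: " + ", ".join(enabled))
    for key in ("session.save_path", "upload_tmp_dir"):
        value = cfg.get(key, "/tmp")        # assumption: unset means the system temp dir
        if posixpath.normpath(value) in SHARED_DIRS:
            findings.append(f"{key} uses shared directory {value}")
    if run_as in SHARED_USERS:
        findings.append(f"PHP runs as shared user {run_as!r}")
    return findings
```

Calling `audit_site(WEAK, "/home/alice", "nobody")` returns five findings, while the hardened sample run as the account's own user returns none.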

  21. #71
    We're from teh basements.
    Quote Originally Posted by Czaries
    Ummm.... This isn't a Vista/XP thread...
    This thread apparently isn't about anything anymore. Geez, this guy is all over the place.

    Apologies to the OP. Perhaps a moderator could snip off everything after the first few posts and move it to a more general-purpose forum?

  22. #72
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    or snip it and bin it perhaps....
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  23. #73
    We're from teh basements.
    Quote Originally Posted by spikeZ
    or snip it and bin it perhaps....
    Nah, don't delete it. Self-ownage is fun to watch.

  24. #74
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Quote Originally Posted by World Wide Weird
    Nah, don't delete it. Self-ownage is fun to watch.
    LOL!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  25. #75
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Quote:
    PHP often runs as a "nobody" user.
    open_basedir is not able to limit modules properly.

    There are "scanners" (some are available in public) that you can upload to a host. They will find DB passwords, folders with 0777 permissions, etc.

    Some hosting permits PHP to execute commands.

    These commands have nobody user rights but do not have open_basedir limitations.

    There are techniques like scanning the /tmp folder and other folders.

    Linux has a user tmp folder module, but PHP runs as "nobody" and sessions are often shared. There are many other techniques.

    They are all based on bad PHP design concepts.

    DirectAdmin has a file with all domains, so it is easy to guess web roots.

    /home/$user/domains/$domain/www

    Wow, I didn't think anybody could misunderstand the Linux web server filesystem and how PHP uses it so much.

    It sounds like you've just been told this and listened to it blindly without any evidence.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded"-Molona

