Thanks for the response
Posted Dec 28, 2006 5:37 UTC (Thu) by jake
In reply to: Thanks for the response
Parent article: The state of PHP security
Upon further reflection, the title, which I did suggest, is not an accurate representation of the contents.
PHP 5.2 and 6 are all well and good and I applaud the PHP team for whatever strides they have made security-wise. As I said, it would probably make a nice article. Unfortunately, many apps and hosting sites still only support earlier versions of PHP, some dating from 2002, perhaps. This is, of course, not the fault of the PHP team, but it might have been avoided by taking some of the steps you describe a bit earlier in the development of the language.
I get tired as well of reading SQL injection, XSS, remote file include and other vulnerabilities in PHP apps, in many cases written by people who are trying to get it right. Perhaps my weariness with all of that crept into the article more than it should have.
I appreciate your comments, thanks ...
to post comments)