Mailing List Archive



Re: [tlug] Do you whitelist or blacklist utf-8?



/me fans the flames

On 27 February 2011 01:33, Darren Cook <darren@example.com> wrote:

> This side thread started because I thought the original comment ("And,
> yeah, for better security, don't use PHP") sounded unreasonable.

The fact that it sounded reasonable to several other experienced
developers on this list might be worth noting. ;)

> [T]he original comment should
> have read: "And, yeah, for better security don't use a version of PHP
> more than 5 years old, and don't use frameworks or other libraries (with
> any language) unless you are sure the authors understand the various
> security attacks."

Or, the simplified version, courtesy of Stephen J. Turnbull:

"And, yeah, for better security, don't use PHP"

> P.S. I hate language wars, even when I'm joining in them. But it matters
> out there in the Real World: for many web projects there will be a PHP
> Quote, and a Java Quote

A Java quote? For web development? Of course Java webapps take longer
to develop, since you're using an extremely (unnecessarily)
complicated jackhammer to turn a wood screw. ;-P

One can whip up a PHP webapp in 15 minutes to solve most problems,
which is why you should not compete primarily on price in the
coder-for-hire market (quoth someone who has never worked in such a
job, handing over the requisite barrel of NaCl as he quoth't).

Ruby on Rails, Python on Django, and Perl on Catalyst are all, IMO,
solutions that compete favourably with PHP for ease of implementing a
fairly standard webapp, and all have better security records than does
PHP.

Just sayin' is all.

> It is just very annoying when the inferior team is chosen because of
> something the decision maker heard in a bar from a language advocate. :-)

But do you really want to work for said decision maker? Perhaps he's
not so good at making other decisions, either.

Not attacking you at all, Darren, you just gave me a step ladder to
use for climbing onto one of my favourite soapboxes. ;)

-- 
Cheers,
Josh

