[SLL] OSS commerce
Bill Campbell
bill at celestial.com
Sat Dec 22 12:06:47 PST 2007
On Sat, Dec 22, 2007, Rob Smith wrote:
>On Dec 22, 2007 10:38 AM, Bill Campbell <bill at celestial.com> wrote:
>> Interesting although my initial reaction is that anything processing money
>> written in PHP is likely to have major security problems.
>>
>> Bill
>
>Wow, way to spread FUD...
>
>Do you have any real reason for saying so?
Seeing multiple security holes in the Horde group of web products and other
PHP-based systems, as well as seeing many security advisories from CERT,
SANS, etc.
http://www.sitepoint.com/article/php-security-blunders
PHP is a terrific language for the rapid development of dynamic
Websites. It also has many features that are friendly to
beginning programmers, such as the fact that it doesn't require
variable declarations. However, many of these features can lead
a programmer inadvertently to allow security holes to creep
into a Web application. The popular security mailing lists teem
with notes of flaws identified in PHP applications, but PHP can
be as secure as any other language once you understand the
basic types of flaws PHP applications tend to exhibit.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
Instead of giving money to found colleges to promote learning, why don't
they pass a constitutional amendment prohibiting anybody from learning
anything? If it works as good as the Prohibition one did, why, in five
years we would have the smartest race of people on earth.
-- The Best of Will Rogers