Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Comment PHP taint what it should be (Score 2, Insightful) 165

We see a lot of people use the phrase "defective by design" when talking about Vista and in that instance I'm pretty sure the use of the term is correct. Having never used PHP but heard of its many security problems I'm wondering: Is PHP defective by design?

Maybe. PHP is a wonderful interpreted language that makes creating a web application easy. The biggest problem with PHP are the entry-level programmers who don't understand the beast that is web programming.

Many PHP programmers don't understand the number one rule of secure web programming: All user data is evil. Anything that comes from an HTTP request can not be trusted. Heck, I don't trust it even after it has been stored in a database table or the file system. I would love to see a Perl-ish taint mode built into PHP that tells the programmer "This data has come from an insecure source. Please don't eval() it or unserialize() it or write it to disk. Cheerio."

If mathematically you end up with the wrong answer, try multiplying by the page number.

Working...