Erik Funkenbusch wrote:
On Wed, 03 Jan 2007 07:26:23 +0000, Roy Schestowitz wrote:
PHP Development Becoming Increasingly Popular
,----[ Quote ]
| Web development is becoming a more prosperous industry lately. Since
| the Internet and the computer wave in general is becoming quite
| lucrative, web development is becoming a booming industry in which
| everyone wants to be a part.
`----
http://www.webpronews.com/expertarticles/expertarticles/wpn-62-20070102PHPDevelopmentBecomingIncreasinglyPopular.html
http://tinyurl.com/yg5m7y
Sadly. It just means more insecure web software out there, just like 99.9%
of the rest of the PHP apps out there. It's quite possible to write secure
sites in PHP, but the language doesn't go out of its way to help you.
Security is not generally a language function, it requires an
intelligent programmer, coupled with sensible and defensive programming
techniques.
The moment anyone, as a developer, can leave his brain at the doorstep
and not think about security in his application, architecture,
uninitialized variables, buffer overflows, logs, redundancy in his code
to prevent unauthorized/accelerated access, etc. is the moment another
.NET "it does everything for me" programmer is born?
Languages should facilitate smart people's ideas, not deprecate them.
ASP.NET on the other hand, most samples have relatively secure database
code because they use the built-in parameter features of ADO.NET rather
than simply concatenating strings like most PHP samples do.
Samples are pedagogical tools, not meant to be copied verbatim except by
clueless script monkeys -- which companies are evidently getting more of
these days, if the shitty salaries relative to cost-of-housing are any
indication today. They pay for a script monkey -- and that's exactly
what they get.