[PLUG] Preventing Probes Like This

Ron Chmara ronabop at gmail.com
Mon Aug 25 18:57:55 UTC 2008


Tim wrote:
> I make a living out of breaking into
> websites and something about the PHP platform encourages insecure coding
> practices.
That "something" would be the same "something" that Gimp and Photoshop 
have in encouraging bad design, that Word has in encouraging bad 
writing, and that Excel has in bad accounting practices....

For that matter, it's the very same "something" that a hammer has in 
common with bad building practices... people who aren't skilled in using 
a tool for a trade can, and will, often use it wrong (or poorly).

A tool which is readily available, accessible, and simple to use tends 
to lead to misuse in the wrong hands.

I suppose one can blame the tool *itself* for being used wrong, but it 
seems to me like that might be placing the blame poorly.

Of course, there are coding tools available which have lots of safety 
checks built in, but such tools are kinda like... hmmm... like hammers 
that don't allow you to swing them too fast, that require you to declare 
*exactly* where you are going to swing it, and at what target, and how 
hard, before you can even pick it up, and will fail to work at all 
unless you are wearing safety goggles and work gloves ahead of time.

For a seasoned building professional, such a hammer would be a serious 
annoyance to use. For somebody who is new to pounding nails, such a 
hammer might prevent them from injuring themselves, until they have 
enough experience to remove the "training wheels".

Sadly, what seems to have happened with PHP is that many people assumed 
that because they could swing a hammer, they then knew enough to build 
their own houses.

-Bop




