[PLUG] Step away from the PHP

Tim tim-pdxlug at sentinelchicken.org
Wed Jan 27 10:03:27 PST 2010


> >> A warning for those PHP developers and app maintainers who aren't on
> >> the security mailing lists:
> >   Does PHP stand for Pretty Heavy Problems?
> 
> Programming Has Problems....
> 
> Any sufficiently dumbed down, easy to implement, solution creates an
> inversely equal level of problems in actual use. In this case, the PHP
> "session" development was initially implemented (IIRC) as a way for
> coding newbies to slap together a very simple way of maintaining state
> on an inherently stateless medium (HTTP), with expected levels of poor
> performance, scalability, and security.

Frequently in security people like to assert that usability and
security are a simple trade-off.  In some specific instances this is
true, but in most cases it's simply false, IMHO.  There is often a
solution, with the right design, to provide the same level of
usability with better security.

I'm not trying to put words in your mouth, but you seemed to touch on
that assertion.

tim


