Re: Annotated online documentation



On Wednesday, 23.02.2005, at 21:18 +0100, Murray Cumming wrote:
>On Wed, 2005-02-23 at 21:14 +0100, Murray Cumming wrote:
>> Do bear in mind that I know nothing about competing systems. I'm just
>> trying phpwebnotes because someone gave me a patch to use it.
>
>I also forgot to ask whether anyone here can judge whether this is
>secure php, because I so often hear that php code is not secure. Would
>you allow this on the gnome servers?

It would be wrong to say that all php code is not secure. php is just
like every other language, if you know how to use it properly it is
possible to write good and secure code. Unfortunately php is not only
used by the people who really know how to code it, but also by many
people who learned the basics with trial and error or online tutorials,
which often make use of insecure ways to achieve something or are just
not up to date (e.g. wrt register_globals). I think that this is the
main reason causing insecure code and php's bad reputation.

I had a first glance at phpwebnotes' CVS and scanned through it, looking
for potentially dangerous functions like unsafe system calls, possible
SQL injections and so on. I would not attest its security on oath, but I
was not able to find a misuse of php's possibilities while scanning its
source.

Although most of its files were modified 2 years ago, and the latest
commit was 8 months ago, I think it would be fine to use it after
further, more in-depth checking since it is also used at php.net without
big problems.

Regards,

-- Hendrik



