
Is this at all incriminating against php itself? Tumblr which is written in php had a security issue and now php fog. Is php hard to secure as opposed to other languages/platforms?



Did you RTFA? This had nothing to do with php.


Did you not RTFA? The article is about a PHP hosting company that is getting merc'd because of the security flaws inherent in PHP that led to their design decision to use Amazon EC2.


What's up with the attitude? Seriously. The arrogance and self-righteousness on HN is ridiculous sometimes and really kills the conversation.

To your point though, no, I didn't read the article because there was so much noise between it and the flamewar going on here that it was difficult to figure out what was even going on. However, to quote you, "The article is about a PHP hosting company that is getting merc'd because of the security flaws inherent in PHP that led to their design decision to use Amazon EC2."

Ya, wasn't that the question I just asked? Seriously, maybe you should read the question before just downvoting it and replying with no reply. My question was actually a serious question. I want to know if there are security flaws in php as I am looking at it for a few projects and would like to know if there are issues with it before I start them.


PHP is just as secure as any other language. It's the programmer's best practices (or lack of) and implementation that can make the code secure or insecure. The language is mature, actively maintained, and has a nice standard lib (debatable). Whether or not YOUR program will be secure depends on you the PROGRAMMER not the language.


PHP is, by no means, just as secure as any other language. It has a horrid security track record when compared to any other language.


While there are some features of PHP which are inherently a bad idea (register globals for example) these are, for the most part, deprecated and removed in the most up-to-date version.

I agree with other views that it is the programmer's code that is insecure, not the language itself.


So does that mean ec2 is insecure? Or is the flamewar about how the article is really about the writer blaming their problems on something that's really not at fault? Meaning php or ec2?

Thanks!


phpfog's setup was insecure. It was completely unrelated to PHP, EC2, or anything other than phpfog's sysadmin's skills.


The exploit was not anything to do with PHP. A section of their site was allowing users to execute commands under a user which they should not have been allowed to. This could have happened under any programming language.


Especially given that their codebase is apparently Ruby and not PHP.


Thanks for the downvotes, I'll take them on board



