> Do you not think stuff like this should be pointed out to the public so that
> when selecting a web host they know that one who supports PHP may be putting
> them at extreme risk compared to one who is a bit more security conscious?

Well then we better start having web hosting companies who support ASP, Perl, CGI etc. be pointed out to the public so that when selecting a web host they know that they might be being put into an extreme risk situation. It's not the language, it's the programmer. If a programmer, no matter what the language might be, programs insecurely and improperly, then it comes down to the programmer to learn to do proper coding and security of the application, be it for the web or for a desktop-based program. Improper coding in an ASP or Perl script can cause just as much trouble as improper coding in a PHP script.