On Thu, 2007-02-01 at 10:19 -0500, Eric Gorr wrote:
> On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote:
>
> > Eric Gorr wrote:
> >>
> >> On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
> >>
> >>> Eric Gorr wrote:
> >>>> I've heard some concern expressed that PHP might be more
> >>>> insecure than
> >>>> other methods of developing websites where security was of prime
> >>>> importance. Now, I personally do not believe this, but it would
> >>>> help me
> >>>> to convince others if I could point to major sites, where security
> >>>> (mostly with respect to the user authentication system) was
> >>>> extremely
> >>>> important (financial sites, etc.) and where PHP was the primary
> >>>> development platform.
> >>>
> >>> google, yahoo.
> >>
> >> For their user authentication system? Session management? Everything?
> >> Don't suppose there would be any URL (press release, just general
> >> info,
> >> etc.) with that information?
> >>
> >>> for the rest search Zend.com or your favorite search engine
> >>
> >> Thanks.
> >>
> >> While zend.com, etc. will tell me who is using PHP, they do not
> >> generally state exactly how it is being used and, as much as the
> >> who, it
> >> is the how that is important.
> >
> > ah right - please ignore my post - I wasn't really reading your
> > question properly,
> > my apologies
>
> Well, if you do not know the answer to my particular question, I'm
> curious how might you respond to someone who says:
>
>     PHP has too many security issues and should not be used with a
>     user authentication system.
>     We should use XXX.

I think security mainly depends on the programmer and not on the
language he uses...

greets
Zoltán Németh

>
> You are not allowed to say 'Well, you're wrong. PHP is as secure as
> anything else.' without explaining why.
> Or, would you agree with the statement? Is there an 'XXX' that should
> be used instead of PHP?
>
> Given the limited number of options for maintaining state
> information, I would be hard pressed to see how any language could be
> inherently more secure or why one could not write PHP code which
> implemented the same techniques as 'XXX'.
>
> (No, I do not know what 'XXX' might be.)
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php