[Freedombox-discuss] PHP and security
knygar at gmail.com
Wed Sep 7 00:04:18 UTC 2011
+1 for Sam Hartman's message
I think the choice of non-PHP whenever it is possible
should be made by the evidence
- that - it's often much easier to maintain and actively develop
something big, still - considerably high quality with a Python, for example.
With all respect -- we may compare Drupal and Plone as reference
platforms - for this example.
Both are used for the largest governmental portals.
Both are being professionally developed by a kind of
Both are mature and already, being scaled not a once and trying every
release, again and again - for 'future' needs.
here is some old comparison
of security track, latest are pretty the same.
For Security -
Python projects always win over PHP in all places/stats I've seen.
Win seriously and without a real chance for PHP.
Since the nice speed of PHP doesn't matter so much as you constantly
receive the bad code,
I don't see any arguments for PHP in FBX's.
From what I see - people don't favor it for any serious, modern
I mean all the new interesting projects I see - don't use PHP at all
or only for small bits
heh, besides that mailing systems you may try to use in FBX would, probably,
be in PHP.
For others that I have in mind now - you have better variants,
often it is Python, because of popularity and speed, but for certain
there are other really useful but not so popular languages.
PS: I recommend to avoid Java also, as it seems like a bad choice for
wide-community driven projects,
often leads to enormous size of code, and needs very strict organization around,
since contributing to Java project -- you also may easily code in -
some faulty or conceptually wrong stuff.
PPS: for FBX's code I could only advise about certain projects that
may get in FBX,
or - for certain scalability choices if/when FBXF would start to program itself.
I won't evaluate PHP and non PHP by my own hands also :)
PPPS: when/if we would do UI/UX stuff for FBX's I would advise for
PPPPS: it is a TAC topic but I can't reply to TAC, can I?
On Tue, Sep 6, 2011 at 8:46 PM, Sam Hartman
<hartmans at painless-security.com> wrote:
> I don't think PHP is a non-starter. There's a lot of really bad PHP code
> and there are some PHP practices that can make it really easy to write
> bad apps.
> However I don't think there is anything about php that makes it
> impossible to write good apps. Also, the track record of the php core
> itself doesn't seem to be too bad in recent years.
> So, I'd find someone we trust to evaluate PHP and have them examine apps
> on a case-by-case basis.
> I'm not volunteering: I have very little PHP experience.