[Freedombox-discuss] PHP and security

ya knygar knygar at gmail.com
Wed Sep 7 00:04:18 UTC 2011

+1 for Sam Hartman's message
I think the choice of non-PHP whenever is possible
should be made by the evidence
- that - it's often much easier to maintain and actively develop
something big, still - considerably high quality with a Python, for example.

With all the respect -- we may compare the Drupal and Plone as a reference
platforms - for this example.
Both are used for largest governmental portals.
Both are being professionally developed by a kind of
foundations/companies behind.

Both are mature and already, being scaled not a once and trying every
release, again and again - for 'future' needs.

here is some old comparison
of security track, latest are pretty the same.
For Security -
Python projects always win over PHP in all places/stats I've seen.
Win seriously and without a real chance for PHP.

Since the nice speed of PHP doesn't matter so much as you constantly
receive the bad code,
 I don't see any arguments for PHP in FBX's.
From what I see - people don't favor it for any serious, modern
development, generally.
I mean all the new interesting projects I see - don't use PHP at all
or only for small bits
of front-end.

heh, besides that mailing systems you may try to use in FBX would, probably,
be in PHP.

 For other that I have in mind now  - you have a better variants,
often it is Python, because of popularity and speed, but for certain
there are other really useful but not so popular languages.

PS: I recommend to avoid Java also, as it seems like a bad choice for
wide-community driven projects,
often leads to enormous size of code, and needs very strict organization around,
since contributing to Java project -- you also may easily code in -
some faulty or conceptually wrong stuff.

PPS: for FBX's code I could only advise about certain projects that
may get in FBX,
or - for certain scalability choices if/when FBXF would start to program itself.
I won't evaluate PHP and non PHP by own hands also :)

PPPS: when/if we would do UI/UX stuff for FBX's I would advise for
JavaScript and HTML5/CSS3 whenever is possible.

PPPPS: it is a TAC topic but I can't reply to TAC, can I?

On Tue, Sep 6, 2011 at 8:46 PM, Sam Hartman
<hartmans at painless-security.com> wrote:
> I don't think PHP is a non-starter.  There's a lot of really bad PHP code
> and there are some PHP practices that can make it really easy to write
> bad apps.
> However I don't think there is anything about php that makes it
> impossible to write good apps. Also, the track record of the php core
> itself doesn't seem to be too bad in recent years.
> So, I'd find someone we trust to evaluate PHP and have them examine apps
> on a case-by-case basis.
> I'm not volunteering: I have very little PHP experience.
> --Sam
