OT: Web page source code
Fairlight
fairlite at fairlite.com
Tue Aug 12 11:58:41 PDT 2008
This public service announcement was brought to you by Jose Lerebours:
> The original poster does not go into detail of what exactly he intends to
> do, so the possibility that one of these products will serve his purpose
> exists. I think they do more than creating a CHM but I am not going to
> argue with that ... since it is also possible that that is all they do.
Even I said they do more than .chm. Many also do .exe.
> I would not know about that, I have never used it nor intend to ever use
> it. Of course, if a project comes along where IT is the tool to use,
> then I will use it. Given the choice, I'd rather not.
If you ever hit that, ask me about OneGate instead. You'll be happier.
> >>I haven't seen this much fear, uncertainty, and doubt put forth in
> >>quite some time, Jose. Geez. Do some research.
>
> That was not my intent, and if I put fear on you or any other member
> of the list, I sincerely apologize for that. I was trying to be
> constructive and direct with the hope that the message gets home.
No fear here...obviously I can evaluate the facts quite thoroughly myself.
Your implications seemed like a FUD campaign against CGI, however.
> I love it when people mock PHP. PHP itself is not any worse than Perl,
> Python, ASP, JSP, or any CGI tool available out there. I really believe
> that how the applications are written is what defines their structure
> integrity or lack thereof.
Actually, PHP's very model makes it worse-off than perl. The tighter
binding to the web server -by nature- gives it more exposure in terms of
risk and repercussions. Perl doesn't have that working against it unless
you use mod_perl, which I refuse to do.
As for the structure and integrity of software...
There's something inherently wrong with an architecture that puts not only
the architecture itself but every application based upon it at the top of
the security digests -every single week-. Even Microsoft can't manage
that!
Any design that allows (and apparently encourages) the users to do things
that are security violations on the scale PHP does is fundamentally flawed,
IMNSHO.
I read SANS weekly. Almost every week, the PHP issues (be they PHP itself
or PHP-based apps) outnumber the entire rest of the security alerts across
all platforms, applications, and languages. By contrast, the last time I
saw anything related to perl or that was a blatantly perl-based application
was the strftime() bug in perl itself, which was promptly fixed. That's
the last conspicuous one I remember, anyway.
PHP is like AOL: So easy to use, any idiot can--and too many do. The fact
that the community isn't even remotely as self-policing as the perl
community (which has really stringent standards, despite the freeform
nature Perl is capable of using) doesn't help matters.
> I am very comfortable with PHP. In all the years I've been writing code,
> if I dropped a language or tool just because I heard it was problematic,
> I would have never worked in this industry. Imagine what would have even
> happened with filePro if we ever paid any attention to that kind of talk ...
First we'd have to get outside the circle of about 300 people that actually
talk about filePro at any given time within this community. Something
needs exposure to be able to hear bad (or good) things about it in the
first place. In that regard, fP is almost a no-op. I ran into the first
new non-list-related person in ten years that actually not only knows what
it is, but has it running on several servers, the other week. He's one of
the founding members of my Call of Duty 4 clan. When you can go a decade
and not find someone new that isn't part of this tiny community who doesn't
give you a (virtual or real) blank stare when you mention the name, it's a
problem for the product.
> Anyway, we are all entitled to our opinion and I humbly respect yours.
I respect yours. I disagree with it, but you're entitled to hold and
defend it. :)
mark->