[nycphp-talk] latest vulnerabilities...
Chris Snyder
chris at psydeshow.org
Tue Jun 10 09:24:06 EDT 2003
Hans Zaunere wrote:
>Like sendmail, I think we need to start a "Don't Blame PHP" campaign. All
>except one of these issues is application related - not PHP itself. Yet,
>when talking with "outsiders" about PHP, a common theme is insecurity.
>
The blessing and curse of the language is how easy it is for a relative
novice to pick it up and cobble together a really powerful application,
without knowing or caring about all the different ways that somebody
could come along and abuse it. The fact that most PHP code operates in a
hostile environment (the internet) compounds the perception problem.
Look at it this way-- peer review has just upgraded security on seven
different PHP projects! Maybe NYPHP should have a review team that pokes
at member-submitted apps and checks for things like unescaped UIDs from
cookies and cross-site scripting opportunities.
Thanks for posting that summary, Dan!
chris.
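The two review targets Chris names above, an unescaped UID pulled from a cookie and a cross-site scripting opportunity, as an added example that is not from the original post or from any of the projects in Dan's summary. It assumes an in-memory SQLite database reached through PDO; the table, rows and the hostile cookie value are all constructed for the demonstration.

```php
<?php
// Added example, not code from the original post. Shows the vulnerable
// form and the hardened form of each check a review team would make.
// Assumes PDO with the SQLite driver; all data below is constructed.

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// Constructed hostile cookie value: a client fully controls its own cookies,
// so $_COOKIE['uid'] can be anything, not just a number.
$cookieUid = '1 OR 1=1';

// Vulnerable: the cookie value is interpolated straight into the SQL, so the
// injected OR clause matches every row instead of the caller's own.
function lookupUnsafe(PDO $db, string $uid): array
{
    $sql = "SELECT name FROM users WHERE uid = $uid";   // injection point
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: validate the shape first, then bind it as a parameter so the
// value can never be parsed as SQL.
function lookupSafe(PDO $db, string $uid): array
{
    if (!ctype_digit($uid)) {
        return [];   // anything that is not a plain integer is rejected
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE uid = :uid');
    $stmt->execute([':uid' => (int) $uid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed user-supplied display name carrying a script tag.
$displayName = '<script>alert(document.cookie)</script>';

// Vulnerable: raw user data is echoed into HTML, so the tag runs in the
// browser of whoever views the page.
function renderUnsafe(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened: escape for the HTML context at output time, with ENT_QUOTES so
// the value is also safe inside attribute quotes.
function renderSafe(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</p>';
}

print_r(lookupUnsafe($db, $cookieUid));
print_r(lookupSafe($db, $cookieUid));
echo renderUnsafe($displayName), "\n";
echo renderSafe($displayName), "\n";
```

The point for a reviewer is that both fixes happen at a boundary: input is validated and bound where it enters the query, and output is escaped where it enters the HTML. Escaping once "on the way in" and reusing the string in several contexts is the pattern that keeps producing the issues Dan's summary listed.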