[nycphp-talk] C++,C#,Java, Python, Ruby, and finally .. PHP5
Mike Naberezny
mike.n at zend.com
Fri Jan 6 13:05:35 EST 2006
Jon Baer wrote:
> I think someone I overheard @ B&N the other day put it nicely that
> there shouldn't have to be books upon books about PHP database
> connectivity, security, etc (Java same problem) that make up the
> actual language and the reason for Rails pickup is that it is a clear
> concise path in which "you don't have to worry about that stuff".
You're just as likely to forget to call escapehtml() or h() in Rails as you
are htmlentities() in PHP. Just because the PHP security community tries very
hard to raise awareness through books and lectures doesn't make PHP any less
secure than anything else, or mean that Rails or other solutions are more
secure. Developers need to pay constant attention to security practices
regardless of the platform. You always need to "worry about that stuff".
Mike
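
The point above, as an added example that is not part of the original post: a small Python check that flags template output tags whose expression is not wrapped in an escaping helper, for both PHP and ERB. It assumes templates with no automatic output escaping. The sample templates are constructed, and htmlspecialchars() and html_escape() are accepted alongside the helpers the post names.

```python
import re

# Helpers accepted as escaping. htmlentities() and h() are named in the post;
# htmlspecialchars() and html_escape() are their standard siblings.
ESCAPERS = {"php": ("htmlentities", "htmlspecialchars"),
            "erb": ("h", "html_escape")}
# Output tags: PHP "<?= expr ?>" / "<?php echo expr; ?>" and ERB "<%= expr %>".
OUTPUT_TAG = {"php": re.compile(r"<\?(?:=|php\s+echo\b)\s*(.*?)\s*;?\s*\?>", re.S),
              "erb": re.compile(r"<%=\s*(.*?)\s*-?%>", re.S)}

def _wrapped_call(expr, name):
    """True if expr is exactly name(...): the first '(' is closed by the last char.
    Parentheses inside string literals are not handled (kept simple)."""
    m = re.match(rf"{name}\s*\(", expr)
    if not m:
        return False
    depth = 0
    for i in range(m.end() - 1, len(expr)):
        depth += {"(": 1, ")": -1}.get(expr[i], 0)
        if depth == 0:
            return i == len(expr) - 1
    return False

def find_unescaped(source, kind):
    """Return [(line, expression)] for output tags that skip the escaping helper."""
    findings = []
    for m in OUTPUT_TAG[kind].finditer(source):
        expr = m.group(1)
        safe = any(_wrapped_call(expr, n) for n in ESCAPERS[kind])
        if kind == "erb":  # Ruby also allows the paren-less form "h value"
            safe = safe or any(re.fullmatch(rf"{n}\s+\S.*", expr, re.S)
                               for n in ESCAPERS[kind])
        if not safe:
            findings.append((source.count("\n", 0, m.start()) + 1, expr))
    return findings

# Constructed sample templates: one escaped output and the forgotten cases.
PHP_SAMPLE = """<h1><?= htmlentities($title) ?></h1>
<p>Hello, <?php echo $_GET['name']; ?></p>
<p><?= htmlentities($a) . $b ?></p>
"""
ERB_SAMPLE = """<h1><%= h(@post.title) %></h1>
<p><%= @comment.body %></p>
<p><%= h @comment.author %></p>
"""

if __name__ == "__main__":
    for kind, sample in (("php", PHP_SAMPLE), ("erb", ERB_SAMPLE)):
        for line, expr in find_unescaped(sample, kind):
            print(f"{kind} line {line}: unescaped output: {expr}")
```

The same omission is caught in both template languages, including the partially escaped PHP expression where only one operand of the concatenation passes through htmlentities().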