On Mon, 11 Jul 2016 23:13:25 -0400 Blaise Alleyne via talk <talk@gtalug.org> wrote: <snip>
There are well-designed and sophisticated PHP-based applications, like SabreDAV, like Symfony, like ownCloud/NextCloud. It's possible to write secure, well-designed code in PHP, and some people choose PHP because of it's broad accessibility for hosting, not because they don't know how to write secure code.
I'm not that old, but I've seen and worked with my fair share of terrifying PHP applications... ownCloud/NextCloud isn't one of them. *shrugs*
just while on the topic of insecure php code... I started php dev in 2000 and some of the code from that time, up to 2005, is not all that secure. (not even oop) this is from that time, and maintained for intranet (not internet) use up to 2009 - https://github.com/andrecoetzee/Accounting-123 even if you look at the php code from the early 2000's you will see that the only obvious security issues are global variables, for the rest of it, **not bad security** for that time period Of course, as time (and experience) sets in, one and all learns a lot and code from after 2012 looks a lot different :) So, I guess what I am saying is that PHP sometimes has a bad reputation also because it is so commonly used, like c, c is just as easy and just as flexible, actually I think some of my old c code has a lot more security issues than my old php code Andre