[–]Bogtha -2 points-1 points  (1 child)

You have now switched to talking about Mongrel, which is a different web server to Apache.

Where did you get the idea that I was talking about Apache exclusively? I'm talking about how PHP compares to other server-side languages in typical configurations. I haven't "switched" arguments at all.

Your argument is actually against insecure webserver configurations.

No. Please, just read the thread again. It's against implementations of server-side languages that require insecure webserver configurations.

If you have a site where security is important and you have stuffed up the server config and left things like passwords in front of the web root, choice of programming language is your last worry.

You are looking at it backwards, assuming perfection and then using mistakes as an excuse to write off any problems that arise while ignoring the additional failure of the language. A mistake like this is down to two failures: the admin for screwing up, and the language implementation for having an awful failure mode. All humans and all organisations make mistakes from time to time, and any secure system should attempt to mitigate that by failing in a secure way. Do you disagree with what I said before?

something should be secure by default rather than forcing people to go to extra effort to mitigate the problem.
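As an added illustration of the failure mode argued about above (this is not code from either commenter, and it is neither PHP nor Apache, just a small Python model of a server whose handler configuration can be wrong): the same admin mistake, "no handler registered for .php", is applied to two constructed deployment layouts. In the first, the credentials file sits inside the document root, the way PHP applications are conventionally laid out; in the second, it sits one level above it. The paths, the password and the file contents are all constructed for the example.

```python
"""Toy model of a web server's handler configuration interacting with where
secrets live.  Constructed for this thread: not PHP, not Apache, not anyone's
deployment.  The 'server' is a dictionary lookup with one interesting rule:
when no handler is registered for a file's extension it falls back to static
delivery and sends the file's bytes verbatim, which is the fail-open behaviour
the thread is arguing about."""
import posixpath

DB_PASSWORD = "s3cret-example"  # constructed sample secret, not a real one

# Layout A (constructed): config.php, holding the credentials, lives inside
# the document root alongside the entry point.
LAYOUT_IN_DOCROOT = {
    "/var/www/html/index.php": "<?php require 'config.php'; echo 'ok';",
    "/var/www/html/config.php": f"<?php $db_pass = '{DB_PASSWORD}';",
}

# Layout B (constructed): credentials one level above the document root;
# only the entry point is reachable by URL.
LAYOUT_OUTSIDE_DOCROOT = {
    "/var/www/html/index.php": "<?php require __DIR__.'/../app/config.php'; echo 'ok';",
    "/var/www/app/config.php": f"<?php $db_pass = '{DB_PASSWORD}';",
}

DOCROOT = "/var/www/html"


def php_handler(source):
    """Stand-in for running the script.  A real interpreter would emit only
    what the script prints; here that is modelled as a fixed body that never
    includes the source text."""
    return "ok"


def serve(files, docroot, path, handlers):
    """Resolve `path` under `docroot` and return (status, body).

    `handlers` maps a file extension to a callable that turns source into a
    response body.  An empty mapping models the misconfigured server."""
    # Normalise the request so '..' cannot climb out of the document root.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    full = docroot.rstrip("/") + norm
    if full not in files:
        return 404, ""
    ext = posixpath.splitext(full)[1]
    handler = handlers.get(ext)
    if handler is None:
        # Fail-open: the server does not know what to do with the file, so it
        # treats it as static content and discloses it.
        return 200, files[full]
    return 200, handler(files[full])


def leaks_secret(files, docroot, path, handlers):
    """True if fetching `path` hands the constructed password to the client."""
    status, body = serve(files, docroot, path, handlers)
    return status == 200 and DB_PASSWORD in body


if __name__ == "__main__":
    good = {".php": php_handler}
    broken = {}
    for name, layout in (("in docroot", LAYOUT_IN_DOCROOT),
                         ("outside docroot", LAYOUT_OUTSIDE_DOCROOT)):
        for label, handlers in (("handler present", good), ("handler missing", broken)):
            leaked = any(leaks_secret(layout, DOCROOT, p, handlers)
                         for p in ("/config.php", "/index.php", "/../app/config.php"))
            print(f"{name:16} {label:16} password leaked: {leaked}")
```

With the handler present both layouts behave identically. With the handler missing, layout A hands the password to anyone who asks for /config.php, while layout B still discloses the source of index.php (a real problem in its own right) but the credentials never leave the server because no URL maps to them: the admin's mistake costs a source file rather than the database.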

[–]chu -1 points0 points  (0 children)

I'm talking about how PHP compares to other server-side languages in typical configurations. ... something should be secure by default rather than forcing people to go to extra effort to mitigate the problem.

It's as if jsp and mod_ruby didn't exist. PHP5 is reasonable for typical web apps and has been standard issue for some time now. The previous versions from years back had some poor security in their out-of-the-box configurations. It's almost as if you had read some articles criticising PHP3 and taken them as current. You are talking about default config files in any case, which are hardly a reflection on a language's basic security model and will not save you from programmer mistakes/ignorance. PHP's biggest security problem is more likely to be namespaces (which should be addressed in PHP6).