undefined | Better HN

0 pointsawalGarg11y ago0 comments

> e.g. PHP: it has a higher chance to be remotely crackable

No language war/php sucks discussion, but this isn't even remotely true :/

0 comments

Or at least, we can see that Ruby can have stupid security holes too, for example[0].

[0] http://sakurity.com/blog/2015/03/15/authy_bypass.html ("How "../sms" could bypass Authy 2 Factor Authentication".)

PHP itself might be fine, but it is very widely used, and thus very thoroughly attacked. Unfortunately, a lot of sloppy code still historically exists in PHP. PHP itself is not inherently unsafe, of course.

By the same token, if I deploy a network-facing app that invokes a lot of C code (as opposed to e.g. bytecode), I must be aware of a higher probability of stack smashing, buffer overruns, etc, and plan a deployment accordingly.

j / k navigate · click thread line to collapse