Neverside

Hardend PHP

Anybody see this? HPHP is looking to be a project to make PHP more secure.

This would be a good project if it wasnt mainly protecting poorly written scripts.

___________________

[WebMobo] [Blog] [Me] [SFX]

Make your scripts right rather then trusting a beta piece of software that isn't globally installed.

___________________

http://www.philbrodeur.com - Expert PHP Development and Tutorials

Well, reading the comments on Slashdot, there seem to be two opinions.

1. "Right better code!"

2. "Everybody makes mistakes. Make PHP more secure!"

I'm with #2. It's a nice idea, making clean, secure code, but when you make a mistake (and you're bound to make one sooner or later) you'll be glad you had HPHP to pick up your mistake.

So, what your really saying is that your lazy? I know PHP is hard to learn, but the only way to do it right, is do it wrong. If you fail a few times, and your shoutbox/news scripts don't work, or someone hacks your password, you learn how to code properly. Why worry about having some stupid little piece of software do it for you.

Man, some people get so lazy.

___________________

Andy

Its not easy making security mistakes in PHP...not when you know how to code PHP properly. The problem is beginners learn lazy-coding, rather than proper standardized coding.

___________________

[SIZE=1][b]General Advisor | TutorialCenter Developer | Sex Teacher / Master | Trash Taker-Outer[/b][/SIZE]
[img]http://www.skinedge.com/files/tfsig.jpg[/img][url=http://www.skinedge.com/pixelengine/pixeldemo.php][img]http://www.skinedge.com/pixelengine/randpixel.php[/img][/url]
[size=1]
[b][url=http://www.skinedge.com/tc/tutorial/]Public demo of TutorialCentral Area[/url][/b]
[ I am so neato. ]
[/size]

Your elitist attitude is disturbing.

PHP is by no means hard to learn, and that's why there are so many new people learning it and making bad code. This is a safety net for both beginners and experts. As I said, eventually you'll make a mistake and have a security hole in your code that could be exploited.

Of course, you're too good for a more secure language. You'd rather settle for something other than the most secure.

It isn't an elitist attitude, it's simply impractible.

1) Every "problem" it fixes is easily fixed by writing a better script. Also, the script processes faster when written write.

2) Simply by using the program you slow things down

3) The program is not anywhere near global, making it wholly impractible if you wish to distribute your script. It will have bugs on almost all servers. (I don't know 1 commercial webserver with this installed)

___________________

http://www.philbrodeur.com - Expert PHP Development and Tutorials

all you guys are looking at it from the wrong angle. Of course you guys (me included) wouldnt need it, but for a webhosting company who hosts x amt of people this is a great idea. I would rather have a bit more safety than a jacked up server. I do agree that this is a simply fixed by writing proper scripts. But there will always be people who dont know what they are doing.

___________________

Neverside Development Director
PHP Snippets
BigToach.com - IT WORKS, TOACHY!

Quote:

Originally posted by BigToach
all you guys are looking at it from the wrong angle. Of course you guys (me included) wouldnt need it, but for a webhosting company who hosts x amt of people this is a great idea. I would rather have a bit more safety than a jacked up server. I do agree that this is a simply fixed by writing proper scripts. But there will always be people who dont know what they are doing.

Configuring PHP properly protects your server (safe mode + some stuff), and if the individual is hurt its his own fault.

___________________

http://www.philbrodeur.com - Expert PHP Development and Tutorials