
Submission: PHP apps: security's low-hanging fruit
somersault writes: "There have been a lot of people on /. making jokes at the expense of PHP recently, but how many common security flaws in PHP are the fault of the language, and how many the fault of the developer? A recent Security Focus article (this version is from El Reg, the layout is better) has a brief discussion which suggests that PHP is no less secure than any other scripting language, and that it is the users of the language themselves who need to be educated. The other side of the story is that the developers of PHP themselves work on tightening up the language to make it more 'idiot proof' by default. Should the team developing PHP take a more active role in controlling the use of their language? What will it take to ensure that users of the language learn to use it securely, short of defacing every vulnerable website out there?"