|
|
|
|
|
|
by jjeaff
2128 days ago
|
|
|
Well, php is thought to power something like 80-90% of websites. So you are seeing either the same or disproportionately fewer php sites than you should if php were in fact less secure. But php has been around on the web for a long time as well, so there are a lot of unpatched softwares out there like WordPress. Probably near 99% of those compromised servers run on Linux, so by your logic, Linux is much more secure than windows servers, right? |
|
|
You'd have to assume that there is an uniform distribution of vulnerabilities and exploits through the whole set of languages used for web development for that to hold. You are begging the question.
> 99% of those compromised servers run on Linux
If the exploits manage to give the attacker root access to the OS, then yes it would be the problem of the OS. But the attack is to get access to the application. So the issue is at the application, not at the OS. You can argue that this is not the fault of the language, though. However given that a whole lot of the PHP defenders here are using "it is the easiest one to deploy" argument, one has to wonder if a platform that makes it so easy to deploy apps should also be held up for the issue of insecure apps based on it.