|
|
|
|
|
|
by rglullis
2128 days ago
|
|
|
> So you are seeing either the same or disproportionately fewer php sites than you should if php were in fact less secure. You'd have to assume that there is an uniform distribution of vulnerabilities and exploits through the whole set of languages used for web development for that to hold. You are begging the question. > 99% of those compromised servers run on Linux If the exploits manage to give the attacker root access to the OS, then yes it would be the problem of the OS. But the attack is to get access to the application. So the issue is at the application, not at the OS. You can argue that this is not the fault of the language, though. However given that a whole lot of the PHP defenders here are using "it is the easiest one to deploy" argument, one has to wonder if a platform that makes it so easy to deploy apps should also be held up for the issue of insecure apps based on it. |
|
|