[SATLUG] The web page
Patrick Barnes
nman64 at n-man.com
Thu Dec 1 01:59:17 CST 2005
Bruce Dubbs wrote:
> Tom Weeks wrote:
>
>
>> My only suggestion is to stay away from PHP based solutions.. Too many
>> vulnerabilities.
>>
>
> I've not heard much about this. Are you saying that the language is
> inherently vulnerable or that the people who use php don't know how to
> do it securely? Do you have any references?
>
> -- Bruce
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug
>
>
It's a bit of both. There have been numerous vulnerabilities in the
language itself, forcing PHP programmers to chase bugs and make
revisions to eliminate vulnerabilities. Also, PHP doesn't really
enforce good habits, or really any habits at all. PHP programmers,
generally speaking, tend to be sloppy, which results in all kinds of
problems, including security vulnerabilities. The former is really the
bigger problem in selecting a solution, as solutions with sloppy code
can be avoided. Unfortunately, many of the most popular solutions,
including Drupal, have had more than their fair share of problems.
Within the Fedora Project, we have been considering various wiki and CMS
systems for several purposes. We have, for some time, used MoinMoin at
fedoraproject.org. It works very well, has a good security history, is
written in Python, is easy to install and maintain, and can perform many
tasks normally allotted to CMS systems. We ruled out Drupal for the
reasons above, and have held strong biases against PHP solutions. I
strongly suggest MoinMoin, as it seems like the perfect solution for
SATLUG, and I would be happy to assist in installing and maintaining it,
as well as answering questions and even producing patches for
new/different functionality where required.
In addition to fedoraproject.org and my personal site, you can find a
number of MoinMoin wiki installations at
http://moinmoin.wikiwikiweb.de/MoinMoinWikis
http://moinmoin.wikiwikiweb.de/
--
Patrick "The N-Man" Barnes
nman64 at n-man.com
www.n-man.com
--
More information about the SATLUG
mailing list