[KLUG Members] Linux Security

Adam Williams members@kalamazoolinux.org
06 Jun 2003 09:51:24 -0400


> The article,  "Linux security: The seven deadly sins",  is a good 
> read, but nothing new and earth shattering for experienced sysadmins.
> http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci904844,00.html
> Except, under #4, it says: "Don't use PHP, even though it's convenient"
> And that's ALL he says about PHP.  He doesn't elaborate why he thinks
> PHP is insecure in general.  Sure, you can write insecure PHP scripts,
> but are _all_ PHP scripts insecure as a whole?  Any speculation what he
> might be thinking?

Beats me.  He points out to not run Apache as root (which no one does
anymore and hasn't for a long time). So the PHP code wouldn't be running
as root.  He talks about auditing CGIs - as far as writing secure CGIs
goes - now THAT is hard.

Hey, www.net-security.org is powered by PHP.

I took a quick spin around Google with "php is insecure", php insecure,
php fundamentally insecure, "php not secure", php insecurity, etc... and
didn't turn up any sites that claimed PHP's security is broken in any
inherent sense.  Which is something.

I think the author is just exceeding his brief a bit on the PHP comment.