
I was also thinking of PHP's register_globals. I was tempted to make a snide remark, so I'll make it now. The difference here is that the PHP group realized register_globals was a bad idea, deprecated it in 5.3 and removed it in 5.4. Furthermore, the default has been OFF since 4.2.0. The resistance to fixing the Rails problem just makes me ever less likely to give Rails a shot; it should be really bad PR when you ignore security issues.



Welcome to the new decade, where PHP has secure defaults and Rails apps get pwn'd left right and center.

But seriously, PHP still has lots of problems to fix.


The lesson here is if you care about security, performance, reliability, etc., use old 'uncool' battle-worn languages/platforms.

> But seriously, PHP still has lots of problems to fix.

Like what?



If the best you can do is close to a year stale and doesn't apply to the latest version, I'd say PHP is doing a fine job.

Also, reddit? Really?


> If the best you can do is close to a year stale and doesn't apply to the latest version

Really? 5.4 has fixed the retarded associativity of the ternary and all error reporting?


Inconsistent error handling, for example. Why do some functions fail silently, some functions return false, some functions produce warnings, some functions throw exceptions, and some functions tell you to call another function to retrieve the error code?

Ruby and Python are much more consistent in that regard.

