[pmwiki-users] Selecting a Wiki engine...

Joachim Durchholz jo at durchholz.org
Mon Oct 2 16:00:23 CDT 2006


Thomas -Balu- Walter wrote:
> On Mon, Oct 02, 2006 at 06:50:10PM +0200, Oliver Betz wrote:
> Pm's code is really great. It's very modular and very extensible. I've
> not seen many projects where you can do so much with so little code and
> so few changes / extensions.

While I agree, I have to say that I find that PmWiki's code is rather 
weak on naming and namespace management.

>> Security: is PHP really that bad (e.g. compared to Perl) in terms of 
>> security? The PmWiki code didn't seem to have many security issues in 
>> the past. Is it written more defensively than other applications?
> 
> It's as usual - it's not the language that has security problems, it is
> the code - or said the other way round - the developers. 

I have to *strongly* disagree.
While you're right that it's the code that's insecure, not the language 
per se, a language design can encourage or discourage secure code. And 
in this respect, PHP is quite far on the insecure side.

PHP also has a long history of bad design decisions. The various 
magic_quotes directives in php.ini really stink - they can't be switched 
off from PHP, there's no way to undo their effects where you need it, 
and they don't do the job properly - they actually managed to cover all 
possible serious design errors for a quoting mechanism in a single grand 
misdecision.

PHP also has some features that make it easy to have bugs in general, 
and of course some of these bugs introduce security issues. I'd really 
appreciate it if webhosting accounts wouldn't ship with PHP by default, 
and used something sane. Whether that "something sane" would be Python 
or Ruby I can't tell, but I have to disappoint PM by saying I wouldn't 
count Perl among the sane languages either - while it has many, many 
excellent features, it's still insanely write-only ;-P

Regards,
Jo
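
Added example, not part of the original message: a sketch of why blanket input quoting of the magic_quotes kind falls short. It assumes a Python emulation of PHP's addslashes(), SQLite as the database, and a constructed sample name; the helper names are hypothetical.

```python
import html
import sqlite3


def addslashes(value: str) -> str:
    """Emulate PHP addslashes(), the escaping magic_quotes_gpc applied to all input."""
    value = value.replace("\\", "\\\\")            # backslash first, to avoid re-escaping
    value = value.replace("'", "\\'").replace('"', '\\"')
    return value.replace("\0", "\\0")              # NUL becomes backslash + "0"


def store_concatenated(conn: sqlite3.Connection, name: str) -> str:
    """Build the statement by concatenation, trusting the pre-quoted input."""
    try:
        conn.execute("INSERT INTO users(name) VALUES ('" + name + "')")
        return "stored"
    except sqlite3.OperationalError as exc:
        # SQLite escapes a quote by doubling it; the backslash is an ordinary
        # character, so the literal ends early and the statement does not parse.
        return "rejected: " + str(exc)


def store_parameterized(conn: sqlite3.Connection, name: str) -> str:
    """Bind the raw value as a parameter; no quoting of the input is needed."""
    conn.execute("INSERT INTO users(name) VALUES (?)", (name,))
    row = conn.execute("SELECT name FROM users ORDER BY rowid DESC LIMIT 1")
    return row.fetchone()[0]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    raw = "O'Brien"                 # constructed sample input
    quoted = addslashes(raw)        # what the script would receive with quoting on
    return {
        "quoted": quoted,
        # The same pre-quoted value echoed into HTML shows a stray backslash.
        "html": html.escape(quoted),
        "concatenated": store_concatenated(conn, quoted),
        "parameterized": store_parameterized(conn, raw),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```

Escaping depends on where the value ends up (SQL literal, HTML, shell), which is why one quoting pass applied to all input cannot be right for every destination.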



