Re: non-PHP webmail

On Sun, 2007-07-29 at 08:45 -0700, Seth Mattinen wrote:
> PHP's problems are typically caused by horrible programming practice -
> such as using variables from user input and assuming PHP will make the
> input safe.

Correct, at least according to the reports I have seen. If I installed a PHP application then I would need to have greater knowledge than I care to of the new application as well as the underlying PHP components. I want a webmail application that's as easy to install/maintain/secure as SSH. I want a webmail application that doesn't necessitate that I scrutinize and sanitize the developer's code.

> Based on server logs, Windows still seems to be a very
> highly targeted attack vector too. So why make a comment about PHP like
> that?

Since this is a Debian list I presumed that I didn't say it also need to be non-Windows. For the record, I'm also not interested in it being insecure, untrustworthy, outdated, unsupported, unavailable, extremely costly, or subject to repeated failure.

> Sorry to interject this, but that comment smacks of ignorance to me.

Good point. Ignorance is defined as "the condition of being uneducated, unaware, or uninformed". That accurately defines my knowledge of PHP. I don't know all the ins and outs of PHP security, and I don't care to. Thus my reason for asking for a non-PHP recommendation.

-Jim P.

-- 
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org