Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.
Old 07-29-2007, 02:12 PM
Roberto C. Sánchez
 
Default non-PHP webmail

On Sun, Jul 29, 2007 at 03:44:35PM +0800, Thomas Goirand wrote:
> Jim Popovitch wrote:
> > Whats a good, non-PHP based, client webmail application for about 50
> > user accounts?
> >
> > Thx,
> >
> > -Jim P.
>
> What's wrong with PHP?
>
Umm, what's *not* wrong with it?

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
 
Old 07-29-2007, 02:55 PM
William Dode
 
Default non-PHP webmail

On 29-07-2007, Roberto C Sánchez wrote:
> On Sun, Jul 29, 2007 at 03:44:35PM +0800, Thomas Goirand wrote:
>> Jim Popovitch wrote:
>> > Whats a good, non-PHP based, client webmail application for about 50
>> > user accounts?
>> >
>> > Thx,
>> >
>> > -Jim P.
>>
>> What's wrong with PHP?
>>
> Umm, what's *not* wrong with it?

Just that there are webmail based on it ;-)

--
William Dodé - http://flibuste.net
Développeur informatique indépendant


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-29-2007, 03:38 PM
Jim Popovitch
 
Default non-PHP webmail

On Sun, 2007-07-29 at 15:44 +0800, Thomas Goirand wrote:
> Jim Popovitch wrote:
> > Whats a good, non-PHP based, client webmail application for about 50
> > user accounts?
> >
> > Thx,
> >
> > -Jim P.
>
> What's wrong with PHP?

Based on server logs, PHP still seems to be a very highly targeted
attack vector. Considering that it's impossible for me to have
up-to-date information on every possible security hole out there, it
only seems prudent to avoid utilizing software that others consider such
a highly valued target. This isn't security by obscurity, it's security
by common sense.

-Jim P.



 
Old 07-29-2007, 03:45 PM
Seth Mattinen
 
Default non-PHP webmail

Jim Popovitch wrote:
> On Sun, 2007-07-29 at 15:44 +0800, Thomas Goirand wrote:
> > Jim Popovitch wrote:
> > > Whats a good, non-PHP based, client webmail application for about 50
> > > user accounts?
> > >
> > > Thx,
> > >
> > > -Jim P.
> >
> > What's wrong with PHP?
>
> Based on server logs, PHP still seems to be a very highly targeted
> attack vector. Considering that it's impossible for me to have
> up-to-date information on every possible security hole out there, it
> only seems prudent to avoid utilizing software that others consider such
> a highly valued target. This isn't security by obscurity, it's security
> by common sense.


PHP's problems are typically caused by horrible programming practice -
such as using variables from user input and assuming PHP will make the
input safe. Based on server logs, Windows still seems to be a very
highly targeted attack vector too. So why make a comment about PHP like
that?


Sorry to interject this, but that comment smacks of ignorance to me.

~Seth


 
Old 07-29-2007, 03:59 PM
Marcin Owsiany
 
Default non-PHP webmail

On Sun, Jul 29, 2007 at 08:45:10AM -0700, Seth Mattinen wrote:
> PHP's problems are typically caused by horrible programming practice -
> such as using variables from user input and assuming PHP will make the
> input safe.

However this in turn could partially be blamed on PHP's design
encouraging such programming for years...

--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216


 
Old 07-29-2007, 04:16 PM
Jim Popovitch
 
Default non-PHP webmail

On Sun, 2007-07-29 at 08:45 -0700, Seth Mattinen wrote:
> PHP's problems are typically caused by horrible programming practice -
> such as using variables from user input and assuming PHP will make the
> input safe.

Correct, at least according to the reports I have seen. If I installed
a PHP application then I would need to have greater knowledge than I
care to of the new application as well as the underlying PHP components.
I want a webmail application that's as easy to install/maintain/secure
as SSH. I want a webmail application that doesn't necessitate that I
scrutinize and sanitize the developer's code.

> Based on server logs, Windows still seems to be a very
> highly targeted attack vector too. So why make a comment about PHP like
> that?

Since this is a Debian list I presumed that I didn't say it also need to
be non-Windows. For the record, I'm also not interested in it being
insecure, untrustworthy, outdated, unsupported, unavailable, extremely
costly, or subject to repeated failure.

> Sorry to interject this, but that comment smacks of ignorance to me.

Good point. Ignorance is defined as "the condition of being uneducated,
unaware, or uninformed". That accurately defines my knowledge of PHP.
I don't know all the ins and outs of PHP security, and I don't care to.
Thus my reason for asking for a non-PHP recommendation.

-Jim P.


 
Old 07-29-2007, 06:06 PM
Roberto C. Sánchez
 
Default non-PHP webmail

On Sun, Jul 29, 2007 at 08:45:10AM -0700, Seth Mattinen wrote:
>
> PHP's problems are typically caused by horrible programming practice -

Except that such horrible programming practice is *promoted* by the
language and its developers? I mean, register_globals?!?!

> such as using variables from user input and assuming PHP will make the
> input safe. Based on server logs, Windows still seems to be a very
> highly targeted attack vector too. So why make a comment about PHP like
> that?
>
> Sorry to interject this, but that comment smacks of ignorance to me.
>
There is nothing ignorant about his remark.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
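
The pattern argued over above (request input turning into script variables, as register_globals did), as an added example that is not part of the original thread. Because register_globals was removed in PHP 5.4, `extract()` stands in for it here; the request array, the `check_password()` helper and both page functions are hypothetical.

```php
<?php
// Constructed request: the client adds an unexpected parameter, is_admin=1.
$request = ['user' => 'alice', 'password' => 'wrong', 'is_admin' => '1'];

// Hypothetical credential check used by both versions.
function check_password(string $user, string $password): bool
{
    // Constructed demo hash; a real application would load it from its user store.
    static $hashes = null;
    if ($hashes === null) {
        $hashes = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return isset($hashes[$user]) && password_verify($password, $hashes[$user]);
}

// Style that register_globals encouraged: every request parameter becomes a
// variable in scope. extract() simulates the removed setting (assumption).
function page_with_injected_globals(array $request): bool
{
    extract($request);                 // creates $user, $password and $is_admin
    if (check_password($user, $password)) {
        $is_admin = true;
    }
    // The script never initialised $is_admin, so the value supplied in the
    // request survives the failed password check.
    return !empty($is_admin);
}

// Explicit version: state is initialised by the script, and input is read
// by name from the request array and type-checked before use.
function page_with_explicit_input(array $request): bool
{
    $is_admin = false;
    $user = $request['user'] ?? '';
    $password = $request['password'] ?? '';
    if (is_string($user) && is_string($password) && check_password($user, $password)) {
        $is_admin = true;
    }
    return $is_admin;
}

var_dump(page_with_injected_globals($request));
var_dump(page_with_explicit_input($request));
```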
 

All times are GMT.