On Sun, Jul 29, 2007 at 03:44:35PM +0800, Thomas Goirand wrote:
> Jim Popovitch wrote:
> > Whats a good, non-PHP based, client webmail application for about 50
> > user accounts?
> >
> > Thx,
> >
> > -Jim P.
>
> What's wrong with PHP?
>
Umm, what's *not* wrong with it?
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
07-29-2007, 02:55 PM
William Dode
non-PHP webmail
On 29-07-2007, Roberto C Sánchez wrote:
>
> --JWEK1jqKZ6MHAcjA
> Content-Type: text/plain; charset=iso-8859-1
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Sun, Jul 29, 2007 at 03:44:35PM +0800, Thomas Goirand wrote:
>> Jim Popovitch wrote:
>> > Whats a good, non-PHP based, client webmail application for about 50
>> > user accounts?
>> >=20
>> > Thx,
>> >=20
>> > -Jim P.
>>=20
>> What's wrong with PHP?
>>=20
> Umm, what's *not* wrong with it?
Just that there are webmail based on it ;-)
--
William Dodé - http://flibuste.net
Développeur informatique indépendant
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
07-29-2007, 03:38 PM
Jim Popovitch
non-PHP webmail
On Sun, 2007-07-29 at 15:44 +0800, Thomas Goirand wrote:
> Jim Popovitch wrote:
> > Whats a good, non-PHP based, client webmail application for about 50
> > user accounts?
> >
> > Thx,
> >
> > -Jim P.
>
> What's wrong with PHP?
Based on server logs, PHP still seems to be a very highly targeted
attack vector. Considering that it's impossible for me to have
up-to-date information on every possible security hole out there, it
only seems prudent to avoid utilizing software that others consider such
a highly valued target. This isn't security by obscurity, it's security
by common sense.
-Jim P.
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
07-29-2007, 03:45 PM
Seth Mattinen
non-PHP webmail
Jim Popovitch wrote:
On Sun, 2007-07-29 at 15:44 +0800, Thomas Goirand wrote:
Jim Popovitch wrote:
Whats a good, non-PHP based, client webmail application for about 50
user accounts?
Thx,
-Jim P.
What's wrong with PHP?
Based on server logs, PHP still seems to be a very highly targeted
attack vector. Considering that it's impossible for me to have
up-to-date information on every possible security hole out there, it
only seems prudent to avoid utilizing software that others consider such
a highly valued target. This isn't security by obscurity, it's security
by common sense.
PHP's problems are typically caused by horrible programming practice -
such as using variables from user input and assuming PHP will make the
input safe. Based on server logs, Windows still seems to be a very
highly targeted attack vector too. So why make a comment about PHP like
that?
Sorry to interject this, but that comment smacks of ignorance to me.
~Seth
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
07-29-2007, 03:59 PM
Marcin Owsiany
non-PHP webmail
On Sun, Jul 29, 2007 at 08:45:10AM -0700, Seth Mattinen wrote:
> PHP's problems are typically caused by horrible programming practice -
> such as using variables from user input and assuming PHP will make the
> input safe.
However this in turn could parially be blamed on PHP's design
encouraging such programming for years...
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
07-29-2007, 04:16 PM
Jim Popovitch
non-PHP webmail
On Sun, 2007-07-29 at 08:45 -0700, Seth Mattinen wrote:
> PHP's problems are typically caused by horrible programming practice -
> such as using variables from user input and assuming PHP will make the
> input safe.
Correct, at least according to the reports I have seen. If I installed
a PHP application then I would need to have greater knowledge than I
care to of the new application as well as the underlying PHP components.
I want a webmail application that's as easy to install/maintain/secure
as SSH. I want a webmail application that doesn't necessitate that I
scrutinize and sanitize the developer's code.
> Based on server logs, Windows still seems to be a very
> highly targeted attack vector too. So why make a comment about PHP like
> that?
Since this is a Debian list I presumed that I didn't say it also need to
be non-Windows. For the record, I'm also not interested in it being
insecure, untrustworthy, outdated, unsupported, unavailable, extremely
costly, or subject to repeated failure.
> Sorry to interject this, but that comment smacks of ignorance to me.
Good point. Ignorance is defined as "the condition of being uneducated,
unaware, or uninformed". That accurately defines my knowledge of PHP.
I don't know all the ins and outs of PHP security, and I don't care to.
Thus my reason for asking for a non-PHP recommendation.
-Jim P.
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
07-29-2007, 06:06 PM
Roberto C. Sánchez
non-PHP webmail
On Sun, Jul 29, 2007 at 08:45:10AM -0700, Seth Mattinen wrote:
>
> PHP's problems are typically caused by horrible programming practice -
Except that such horrible programming practice is *promoted* by the
language and its developers? I mean, register_globals?!?!
> such as using variables from user input and assuming PHP will make the
> input safe. Based on server logs, Windows still seems to be a very
> highly targeted attack vector too. So why make a comment about PHP like
> that?
>
> Sorry to interject this, but that comment smacks of ignorance to me.
>
There is nothing ignorant about his remark.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
non-PHP webmail
