JOB: LAMP Artisan
ddavidegli at gmail.com
Mon Feb 24 02:56:22 MST 2014
On February 21, 2014, Matthew Frederico wrote:
>> Basing everything you do off from a combo of Linux Apache, MySQL and PHP
>> going to give you vulnerabilities you can't even imagine.. And of course
>> those vulnerabilities scale as you try to scale.
> Would you mind expounding on what vulnerabilities this stack would incur?
Something else I'd be curious to see. Although I don't personally use MySQL
much at all any more I'd be curious to hear more about the problems you've
faced using this combination. As I said just a moment ago in another
message, I generally use a LAPP architecture vs. LAMP (the P being
PostgreSQL vs. MySQL). I'll grant most of my projects are small time and
aren't used world wide (or at least, not by a large percentage of the web,
although the users may be all over the world), but I haven't had any
programs having vulnerabilities exploited. Perhaps it's careful coding and
SQL statement phrasing. Perhaps it's something else, but I've had nary a
complaint from anyone that I've ever done PHP work for, nor did my own PHP
code give me any issues.
On Sat, Feb 22, 2014 at 2:28 AM, S. Dale Morrey <sdalemorrey at gmail.com> wrote:
> I used to be a master PHP programmer. I had hundreds of projects under my
> They were all designed with the very best practices of the day.
> Then one project after another fell due to vulnerabilities. Sometimes code
> issues, sometimes weird SQL attacks that had been previously thought to be
> Eventually all of these projects were replaced with less vulnerable
> languages such as Python, Java & Node.
> In the intervening years I've learned that PHP is good for a quick
> prototype to generate enough interest to get funding for a real project.
> Sorry but that's the truth as I see it from having spent the last decade
> and a half as a hired gun.
> Nowadays 20% of my work involves moving companies & people off from PHP and
> onto something more secure, more scalable etc.
> I would argue that a company will get more bang for its buck by leveraging
> experience then node is awesome. If you've got serious engineers with Java
> or C++ then frameworks based on that are good, Python also seems to work
> well for these guys although I've never been able to pick up strong
> proficiency in it. Perl may still be a good contender if you can grok the
> insane and arcane syntax its performance will most times be far in excess
> of anything you'll achieve with PHP. And then of course there's Ruby, but
> I won't get into that.
> In fact the fastest webservice I ever built was built on top of Lua and it
> easily handled 300,000 queries per second in the real world. This was
> about 5 years ago on a single box with a flat-file DB, an SSD drive and a
> crapton of ram. (crapton is a new unit of measurement, not a new particle)
> Every project is a matter of picking the right tool for the right job.
> Basing everything you do off from a combo of Linux Apache, MySQL and PHP is
> going to give you vulnerabilities you can't even imagine. And of course
> those vulnerabilities will scale as you try to scale.
> I believe that the combination of MySQL and PHP should be considered
> anathema to good design practice for any company developing a modern
> infrastructure. If you must go with PHP don't use MySQL as a backend. If
> you must use MySQL don't use PHP as a front end.
> So I stand by my earlier statement. I've learned that MySQL/PHP is good
> for a quick prototype to generate enough interest to get funding for a real
> project. Once you have that funding, an immediate move to something better
> is in order.
> I do still like the language itself. It's the implementation that sucks.
> On Fri, Feb 21, 2014 at 1:20 PM, Matthew Frederico <mfrederico at gmail.com
> > On Fri, Feb 21, 2014 at 1:03 PM, Tod Hansmann <plug.org at todandlorna.com
> > >wrote:
> > > Do you have to LOVE PHP? Can you just have an understanding of its
> > > usefulness as a tool despite the terrible language it is implemented
> > > thus enjoying building things with it as opposed to enjoying it in and
> > > itself? =cP
> > >
> > > I know, I'm a bad man.
> > >
> > Dear Tod,
> > Not *loving* php doesn't make you a bad man .. well, not too much :-)
> > Yes - it's not a perfect programming language like node, but compared to
> > GWBasic or Java - (</me ducks>) its shortcomings are outweighed by its
> > footprint, ubiquitous install base and easy to pick up grammaticals.
> > like the hammer of Thor - In the right hands "the php" can be a powerful
> > force to do good. Just like every other language with a cult-like fan
> > base.
> > So perhaps you are right - Loving what it does, not necessarily what it
> > (Love the sinner, not the sin?)
> > Best Regards,
> > - Matt
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */