[Pdx-pm] kwiki, Mediawiki, PHP, and the Dark One

Joe Oppegaard joe at radiojoe.org
Thu Mar 1 14:14:54 PST 2007


On Thu, 1 Mar 2007 at 1:12pm -0800, Keith Lofstrom wrote:

> Hmm.  Mediawiki is my favorite wiki from the user viewpoint, but
> I use kwiki because I sorta understand it and the Perl it is
> written in.  I would use Mediawiki instead, but I worry about
> turning on the Apache module for PHP, a language I do
> not understand and have heard scare stories about.
>
> Judgement question, Oh nobler and wiser heads:  is it safe to
> turn on PHP and use it only for Mediawiki?  Or would I be
> dabbling in the dark arts, and selling my website to Satan?
>
> Do friends let friends drive PHP?
>

Yes, using PHP for Mediawiki is just fine and as safe as any major web 
application. PHP can be done right.

The thing about PHP is that it is so easy for someone who doesn't know 
much about programming to get a basic database-driven website up and 
running pretty quickly. It will be full of security holes, it will be 
impossible to maintain, but it can be done for $200 by your nephew and 
will mostly do what you expect.

Next time you're on a site that has something like id=\d+ in the query 
string, stick a single quote right after the number and watch the 
website break 9 times out of 10. Is it a site with login functionality? 
Log in and check your cookie, oh look at that, your user id from their 
database table is the value of the cookie. Edit that cookie with a text 
editor, change your user id to 1, refresh the site and you're probably 
logged in as the administrator.

I'm getting off track, but my point is that while it's easy to see all 
the ways you can write really bad software with PHP, I'm not sure it's 
fair to view PHP as inherently evil.

I've picked up numerous PHP contracts over the last few years and 8 
months ago I picked up a full-time job doing PHP. If you do it right, 
PHP can be a nice convenient language to work with in the website 
domain.

It's like that classic story you hear in college about how people who 
sit in the front of the class have a much higher chance of getting good 
grades. But we all know it has nothing to do with where you sit, it's 
the kind of people who sit in the front of class that are the kind of 
people who study hard and actually care about school. From my 
experience, people who use Perl typically care about their craft, people 
who use PHP typically are sitting in the back of class hung-over with a 
pair of dark aviators on. There are PHP people that sit at the front of 
the class though!

Cheers,
-Joe
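
The two flaws described in the message above (an `id` from the query string that reaches the SQL unchecked, and a login cookie that holds the raw user id), shown in hardened form as an added example that is not part of the original post. The table, function names, key constant and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: all names and sample rows below are constructed.

// Assumption: a real deployment loads this key from configuration.
const COOKIE_KEY = 'placeholder-key-load-from-config';

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO articles VALUES (1, 'Hello'), (2, 'World')");
    return $db;
}

// The id is validated as a positive integer and then bound as a
// parameter, so a trailing quote never reaches the SQL parser.
function fetchArticle(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // "2'" is rejected instead of breaking the query
    }
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Cookie value is "userId.mac". The server recomputes the MAC, so an
// id edited on the client no longer matches and is refused.
function issueCookie(int $userId): string {
    return $userId . '.' . hash_hmac('sha256', (string)$userId, COOKIE_KEY);
}

function userFromCookie(string $cookie): ?int {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], COOKIE_KEY);
    return hash_equals($expected, $parts[1]) ? (int)$parts[0] : null;
}

$db = makeDb();
var_dump(fetchArticle($db, '2'));   // well-formed id: row is returned
var_dump(fetchArticle($db, "2'"));  // malformed id: refused before any SQL runs
$cookie = issueCookie(42);
var_dump(userFromCookie($cookie));  // untouched cookie: accepted
var_dump(userFromCookie('1.' . explode('.', $cookie)[1])); // edited id: refused
```

PHP's built-in sessions, which hand the browser only a random session id and keep the user id on the server, address the same cookie problem without a hand-rolled MAC.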

