[Pdx-pm] kwiki, Mediawiki, PHP, and the Dark One
Joe Oppegaard
joe at radiojoe.org
Thu Mar 1 14:14:54 PST 2007
On Thu, 1 Mar 2007 at 1:12pm -0800, Keith Lofstrom wrote:
> Hmm. Mediawiki is my favorite wiki from the user viewpoint, but
> I use kwiki because I sorta understand it and the Perl it is
> written in. I would use Mediawiki instead, but I worry about
> turning on the Apache module for PHP, a language I do
> not understand and have heard scare stories about.
>
> Judgement question, Oh nobler and wiser heads: is it safe to
> turn on PHP and use it only for Mediawiki? Or would I be
> dabbling in the dark arts, and selling my website to Satan?
>
> Do friends let friends drive PHP?
>

Yes, using PHP for Mediawiki is just fine and as safe as any major web
application. PHP can be done right.

The thing about PHP is that it is so easy for someone who doesn't know
much about programming to get a basic database-driven website up and
running pretty quickly. It will be full of security holes, it will be
impossible to maintain, but it can be done for $200 by your nephew and
will mostly do what you expect.

Next time you're on a site that has something like id=\d+ in the query
string, stick a single quote right after the number and watch the
website break 9 times out of 10. Is it a site with login functionality?
Log in and check your cookie, oh look at that, your user id from their
database table is the value of the cookie. Edit that cookie with a text
editor, change your user id to 1, refresh the site and you're probably
logged in as the administrator.

I'm getting off track, but my point is that while it's easy to see all
the ways you can write really bad software with PHP, I'm not sure it's
fair to view PHP as inherently evil.

I've picked up numerous PHP contracts over the last few years and 8
months ago I picked up a full-time job doing PHP. If you do it right,
PHP can be a nice convenient language to work with in the website
domain.

It's like that classic story you hear in college about how people who
sit in the front of the class have a much higher chance of getting good
grades. But we all know it has nothing to do with where you sit, it's
the kind of people who sit in the front of class that are the kind of
people who study hard and actually care about school. From my
experience, people who use Perl typically care about their craft, people
who use PHP typically are sitting in the back of class hung-over with a
pair of dark aviators on. There are PHP people that sit at the front of
the class though!

Cheers,
-Joe
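
The two mistakes described in the message above (a query-string id pasted into SQL, and a cookie holding a bare user id), each next to a corrected form. This is an added example, not part of the original post; the table, key, and function names are hypothetical, and the data is constructed so it runs against an in-memory SQLite database.

```php
<?php
// Added example with constructed data; all names here are hypothetical.
const COOKIE_KEY = 'constructed-demo-key'; // assumption: a secret kept server-side

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'About')");

// Fragile form: the raw query-string value becomes part of the SQL text,
// so a stray quote changes the statement and the page breaks.
function page_title_fragile(PDO $db, string $id): ?string {
    $row = $db->query("SELECT title FROM pages WHERE id = $id")->fetch(PDO::FETCH_NUM);
    return $row ? $row[0] : null;
}

// Corrected form: accept digits only, then bind the value as a parameter
// so it is never parsed as SQL.
function page_title(PDO $db, string $id): ?string {
    if (!ctype_digit($id)) {
        return null; // rejected before it reaches the database
    }
    $stmt = $db->prepare('SELECT title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Cookie value = user id plus an HMAC tag, so an edited id no longer verifies.
function make_cookie(int $userId): string {
    return $userId . '.' . hash_hmac('sha256', (string) $userId, COOKIE_KEY);
}

function user_from_cookie(string $cookie): ?int {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], COOKIE_KEY);
    // hash_equals compares in constant time
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

$cookie = make_cookie(42);
$edited = '1' . substr($cookie, 2); // id changed to 1, tag left as issued
var_dump(page_title($db, '2'), page_title($db, "2'"));
try { page_title_fragile($db, "2'"); } catch (PDOException $e) { echo "fragile query failed\n"; }
var_dump(user_from_cookie($cookie), user_from_cookie($edited));
```

PHP's built-in server-side sessions avoid the cookie problem in a different way, by keeping the user id on the server and sending only a random session identifier to the browser.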