Heroku (was Re: Lies in education [was Re: The "loop and a half"])

Chris Angelico rosuav at gmail.com
Sat Oct 14 08:39:03 EDT 2017


On Sat, Oct 14, 2017 at 10:16 PM, Ben Bacarisse <ben.usenet at bsb.me.uk> wrote:
> "Peter J. Holzer" <hjp-usenet3 at hjp.at> writes:
>> Which probably boils down to the question: Why did providers offer PHP
>> and not Python? One reason might be that at the time no suitable web
>> framework for Python existed (Zope was released in 1999, and I remember
>> it to be rather heavy-weight). One reason might be that providers didn't
>> see PHP as a "real" programming language and therefore deemed it
>> safer.
>
> That would be deeply ironic, given the security pain that it has turned
> out to be!

Yup. And not exactly surprising to any security expert. The history of
computing - well, let's face it, the history of mankind - is littered
with stories of "this is simple and easy, we don't need to secure it"
turning into "this is actually a major problem". Sometimes we can
retrofit enough protection onto the system without fundamentally
breaking it (eg DNS, where a variety of forms of security have been
added); other times, we learn a new best-prac and keep going (eg
parameterized queries rather than risking SQL injection, which some
people still haven't learned, but a lot have); and other times, we
scrap the bad option and start a completely new way of doing things
(bye bye Java applets, bye bye Flash, let's do everything with JS),
which of course isn't necessarily perfect either, but is usually a big
enough advantage to be worth it.

ChrisA


