While it is true that the security of the script is determined not by the language but by the programmer, I would argue that it is easier to write secure scripts in Perl, because it has neccessary features to make this task easier.
Contrasting Perl to PHP, there is a wholly different culture of coding. PHP used to do everything with global variables (ok, not anymore, but I still see a lot of PHP scripts written with globals=On). PHP does a lot for you so that it would not get in the way for you when you are creating webpages. I am not saying that PHP developes don't know what they are doing, but PHP seems to attract developers who like easy no-thrills programming of small web applications and don't always think about security.
Perl at least has the features like taint mode that helps with security a lot. I think if one chooses to ignore these security features then he better know what he is doing. Although is easy to ignore the security features and write insecure scripts in Perl, at least there are tools available for writting secure ones.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|