ROFLMAO @ PHP devs turning a DoS into a remote code execution vuln.
Name:
Anonymous2012-02-06 18:14
The PHP language is just another procedural with a silly quirk that variables start with $. But PHP as a web scripting language is not about the language, but the philosophy on how it handles certain issues that are specific to web based environments. Yes, you can develop a program in C and hook it into a CGI environment, but by doing so you need to plug about 100+ possible exploits and jail-break issues. PHP does a good job with that, and does even more. It also does a good job on simplifying, streamlining and hardening API's, most commonly database and image handling. And, in contrast to PERL, it all resides in the core and not a spaghetti stitched mess of user supplied scripts and modules that are too fucked up to even flame about except that core PERL depends on external modules which are not part (or supplied) by the core creating cyclic-dependencies.
So except that variables starting with dollars, PHP does a really good job for what it was designed to do. It might have some short comings and inconsistencies, but those are things I am willing to accept with what it gives in return.