At 07:30 AM 12/29/2004, Jerry Bell wrote: >At the end of the day, PHP isn't really the problem. The problem is that >people are not taking the time to learn how to code securely given the >tool they are using. In this case, the problem is really not the language but the Web itself. Preserving the state of an ongoing transaction in a secure and tamper-proof manner is a thorny problem regardless of language -- and it has gotten harder because the abuse of cookies to invade privacy has caused so many people to restrict them or turn them off. Absent a default solution that's already been honed for security, programmers will tend to cut corners or will have to learn security basics from scratch -- the hard way. --Brett Glass _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"