Wednesday, October 05, 2005

PHP opinion revisited

I must temper the statement I made yesterday regarding PHP. You see, PHP isn't the only language in which carelessly developed web applications with security holes can be written.

For instance, yesterday the Mozilla Foundation disclosed that the site spreadfirefox.com was hacked because an unpatched, accessible version of TWiki was sitting unused and available.

TWiki is written in Perl, my CGI language of choice. It certainly seems that vulnerable apps developed in PHP get more press than vulnerable apps developed in Perl. I suspect that this is because PHP is a relatively young language. As well, an earlier version had a rather serious feature/flaw involving global variables.

My guess is that the mainstream PHP apps I listed yesterday are in wider use and probably are better scrutinized than more obscure Perl apps such as TWiki. In that case, it can demonstrably be said that some PHP apps are more secure than some Perl apps.

So I shouldn't rule out PHP apps on my site any more than I am willing to rule out Perl apps.

I just need to be careful about the apps I install.
