Neil's News

Polyglot 5: PHP

11 September 2004

Fifth is PHP, yet another language that taps into GD to do the actual image manipulation. But unlike the others, PHP brings its own version of GD, so one has to go through the pain of linking GD all over again. PHP is an excellent language for quick web scripts. Its online documentation is superb; not only is it easy to use, but the contributed comments give it extra depth.

Having this documentation is fortunate, because although the language is well endowed with a large and capable set of libraries, they have grown over time and become inconsistent. Some string functions start with "str", others start with "str_", others don't have any prefix. Some array functions start with "array_", others don't. It's a bit of a mess.

Far more serious is that PHP doesn't use the CGI interface, which means that it doesn't benefit from suEXEC. This makes PHP scripts insecure on multi-user systems, since they run with the web server's permissions, not the account holder's. No big deal for an image script like this one, but unfortunate if a script needs to access a password-protected database, since the password will be readable by other users.

Still, it's a good language for the web if one isn't planning on doing anything too serious.

Here's the PHP source code.

Update: Here's how to do secure multi-user PHP. Either of the two listed approaches appears to remedy the above security problem.
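To see how far the problem described above reaches on a given host, the following added example (not part of the original post or its linked source) audits a directory tree for PHP files that appear to hold credentials and reports who can read them. The function name, the credential pattern and the reliance on GNU grep and find are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit a shared-hosting directory for PHP files that look
# like they carry credentials and are readable beyond their owner.
# Assumptions: GNU grep/find; the credential pattern is a rough heuristic.
#
# Output, one line per matching file:
#   world-readable F  any local account can read F directly
#   group-readable F  F is readable by its group; when PHP runs inside the
#                     web server that is usually the server's group, so
#                     every other account's script can read F as well
#   owner-only F      only usable when PHP runs as the account holder
#                     (for example as CGI under suEXEC)
audit_php_secrets() {
    dir=$1
    grep -rlIiE --include='*.php' --include='*.inc' \
        'mysql_connect|pass(word|wd)?[^;]*=' "$dir" 2>/dev/null |
    while IFS= read -r f; do
        # find -perm -NNN is true when all of the given mode bits are set
        if [ -n "$(find "$f" -maxdepth 0 -perm -004)" ]; then
            echo "world-readable $f"
        elif [ -n "$(find "$f" -maxdepth 0 -perm -040)" ]; then
            echo "group-readable $f"
        else
            echo "owner-only $f"
        fi
    done
}

# Run as: sh audit.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    audit_php_secrets "$1"
fi
```

Tightening a file to owner-only fixes the finding only if PHP actually runs as the account holder; with PHP running as the web server user, the server can no longer read the file either.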
