Searching for a proper nagios replacement

Alexander Wirt formorer at debian.org
Thu Aug 13 13:36:07 CEST 2009


Andreas Ericsson schrieb am Thursday, den 13. August 2009:

Him 

> > Hi, 
> > 
> >>> now with the release of 3.2.0 and the stupiest decision ever - the move to a
> >>> php frontend - I'm looking for a replacement. 
> >>>
> >>> It should be: 
> >>>
> >>> - compatible with nagios plugins
> >> That would be Big Brother then, I guess.
> >>
> >>> - developed with security in mind. (yes that means no php)
> >>>
> >> Do you really think that coding web-applications in C is more secure than
> >> writing them in PHP? What do you base that assumption on?
> > The horrible history of php itself.
> 
> The horrible history of php, or the horrible history of php applications?
In fact both. 

> 
> > The language is bad designed
> 
> This is an objective opinion. Please keep them away from serious technical
> discussions.
Bad design leads to bad code. Which is an objective fact for many php
applications. 

 
> > and the
> > interpreter is full of bugs which leads to more security implications than
> > most people could imagine. History also shows that the php devs are not able
> > to handle their own bugs nor do they proper security management. After the
> > last 2 breakins via php and php applications we decided to not use php
> > anymore. 
> 
> Via php or via php applications? If you consider the history of bugs in C
> applications that lead to remote code exploitation, I think you'll find that
> php is quite secure. Ofcourse, a lot more fledgling programmers write code
> in php, and they do not always have a single clue about security concerns.
> That doesn't mean it's impossible to write secure php applications. It just
> means you have to vet those applications before you actually trust them with
> sensitive data, just as you would with a C program.
One about a php application and one about php. In my experience neither
people developing in php nor people devoloping php have a single clue about
security. 

Alex


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july




More information about the Developers mailing list