Reply to post: Languages don't 'sanitise input'...

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed


Languages don't 'sanitise input'...

Programs do.

There isn't a language out there which will prevent you doing something as silly as connecting to a DB and passing it a string straight from user input. If there's anyone out there relying for their security on a choice of language, then they're not going to last very long because it is not going to help in the slightest.

Perhaps there are some IT bods out there patting themselves on the back right now because they don't use PHP and are therefore 'secure'. Perhaps people this clueless were working at TalkTalk too.
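The point made in the comment above, as an added example that is not part of the original post: the same lookup written in Python rather than PHP, once with user input pasted into the SQL text and once with it passed as a bound parameter. The table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, account TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "A-1001"), ("bob", "B-2002"), ("O'Brien", "C-3003")],
    )
    return db

def lookup_concatenated(db, name):
    """The mistake from the comment: user input pasted into the SQL text."""
    sql = "SELECT account FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Same query, but the input travels as a bound parameter (data only)."""
    sql = "SELECT account FROM customers WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    """Run both lookups on one input; report rows or the error raised."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, name)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return concatenated, lookup_bound(db, name)

if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and the textbook tautology string used when teaching SQL injection.
    for sample in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(sample), "->", compare(sample))
```

The language accepts both versions without complaint. Only the bound form keeps the input from changing the statement, which is why a legitimate name like O'Brien breaks the concatenated query and the tautology string returns every row from it.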
