[CS-FSLUG] Content Management Software

Micah Yoder yoderm at gmail.com
Tue Oct 9 09:52:52 CDT 2007

> A lot of these vulnerabilities are relatively minor.  Yes, I know there
> have been a *lot* (oh boy do I know!), but for the most part they're
> very minor or very difficult to exploit in any significant way.

Well, exploits definitely happen.  I work in Linux tech support at a
managed hosting provider, and I see them ...

> You can also use a caching system, like memcached or APC.  They work
> quite well.

Perhaps.  Normally people use ionCube or Zend Optimizer, which are
closed source.  I'm not familiar with memcached/APC.

> And ugly code is in the eye of the beholder (and the skill/care of the
> developer).  =)  I've seen some pretty awful perl code, some disgusting
> PHP code, and some really clean PHP code.  Python is a bit nicer in this
> respect.. you're almost forced into being tidy.

You can make reasonably structured PHP, sure.  I still assert that
it's not as pretty or efficient as Python.

> >PHP is fine for small sites with simple logic.  Using it for more than
> >that is, IMHO, insane.
> I disagree.  I've implemented stuff in PHP that was big and complex and
> have had no issues with it whatsoever.  In fact, things that I've
> rewritten from perl (or mimicked from perl), have been faster...
> sometimes *much* faster, in PHP.

Is that with one of those bytecode caches?  If not, that would be hard
to believe.

> PHP, if used properly, has great potential and can drive very complex
> and large sites/scripts.  The problem is it's so easy to pick up, on
> every web hosting service out there, so it's easy for people to write
> quick-n-dirty crap code.

True.  I just don't think it is the best language out there for large
web applications.  I'd rather use about anything -- including Java, or
even ASP.net via Mono.

> Now, to be fair, I can only really compare perl and php, and of the two,
> I much prefer php.  I've very little experience with python.

Granted, I don't have experience writing a web app with Python yet.
But I've looked at mod_python and Django, a toolkit that looks like it
makes it somewhat simple.

One disadvantage of mod_perl is that it ate *huge* amounts of memory.
(Several years ago I commercially hosted Slashcode-based sites.  I
could only get a couple small sites in 512MB and quickly had to
upgrade my server to 2GB.)  I'm not sure if mod_python is as bad or

> But I question the idea that php is inefficient because it has to parse
> code for every HTTP request.  Don't python and perl have to do the same
> thing, unless the server itself is written in said language?  I mean,
> under mod_python or mod_perl, wouldn't the results be the same as that
> under mod_php?  I suspect there is support there to prevent the
> interpreter from firing up every time a request comes in, which reduces
> some overhead, but don't they still have to re-parse things for each
> request unless an object cache is being used?

No.  Mod_perl and mod_python automatically cache bytecode, *and* they
run code at a lower level in the webserver.  When a request comes in,
it knows right off which perl or python function to call, and all
objects are available immediately.  You can also use them to write
full fledged Apache modules, not so with PHP.
