The Web is broken because of PHP
Rasmus Lerdorf creator of PHP: „The Web is broken and it’s all your fault.”
HEAR, HEAR !!!
Part of the reason Lerdorf considers the Web „broken” is that it is inherently insecure for a variety of reasons. One of those reasons sits at the feet of developers.
„You don’t know that you have to filter user input,” Lerdorf exclaimed.
Lerdorf advised PHP developers that nothing that comes across the wire is to be trusted. Header „stupidity,” as Lerdorf referred to it in Apache HTTP Web server, can also be the root cause for the broken Web.
Then there is Microsoft’s Internet Explorer, which has „stupidity” issues with character set detection, arbitrary header injection, host header spoofing and request splitting.