PHP 🐘 is so damn easy to learn, run straighforward in all OSs, that anyone can start coding in no time. Therefore, the amount of crap code around, made by unskilled devs, is just *unbelievable*. 💩

The amount of people that write their own shitty login code instead of just using a simple library -_-

@LucaScorpion What if I tell you, that it's more fun to make it yourself instead of including a library. If you do good research, you can make it secure.

@Jifuna Oh yeah absolutely, but the problem is that a lot of people don't do that research.

@LucaScorpion haha, indeed that's true.

Insecure web apps are not restricted just to PHP

Waiting for a member of the Laravel cult to chime in.

@niko Here I am, member of the syntactic sugar club checking in

@niko Amen!

@Jifuna It is important to know how the wheel is made indeed. To then improve it, not reinvent it.

@Jifuna One will never keep in mind all those security flaws a big bunch of very smart people have invested years of manhour in. Don't run your own security. You will not be en par with them even remotely, and it most likely won't be maintained that long. I remember going through a library's password comparison algorithm and was confused as to why they were comparing letter by letter even if they didn't match. Then it hit me: otherwise you could do a timing attack as faulty password would get rejected faster than those that matched more letters. They wanted to ensure that timing was always the same for a string of a given length. I never would have thought of that vector of attack. Build your own security library for the lulz and learning. Yet please don't deploy it anywhere.

@k0pernikus hmm, good point. I think you're right. Thanks for this insight. There are probably a lot of things not secure when I write the library, things I did'nt think off. In contrary when a whole team write it. The funny thing is though: on this moment I have a opensource project where I write a accountsystem library in php. Just for self reflection and learning.

@niko *raises paw* laravel cult member here.

@niko Laravel cult member checking in

*docks in the Laravel love boat* did someone call?

JavaScript too. It's way too mainstream and easy to get started (but not master), so you can see quite a lot of bad code being produced by newcomers.

@lotd That cat loves Laravel, but apparently hates Jews

@mclark1129 that's just old superstition. I'm afraid you're pawly wrong on that one :p

@niko Laravel cult member reporting here!