Posted 2005-05-04T20:14:00+01:00 in unix

Fixing stupid PHP

There was this nice thread on the debian-security mailing list last week, named "Fixing stupid PHP application design flaws". Martin Schulze points out that developers shouldn't leave include files in a place that can be publicly accessed from the website. Henrique de Moraes Holschuh (wow, what a name) says:

"I think not only we should do it, we should also make a big fuss about it, so that some of the PHP people out there at least have a chance to get the clue."

Heh, although I agree, I don't expect too much from the PHP community at large. The number of people that think chmod 777-ing files is OK is frightening, for example.

debian-security: Fixing stupid PHP application design flaws
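
A quick way to check a site for both problems mentioned above (include files under the document root, and world-writable permissions), as an added example that is not from this post or the mailing-list thread. It assumes "include file" means a *.inc file or anything under a directory called inc, include or includes; the function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Audit a web document root for:
#   1. include files sitting where the web server can serve them
#   2. files or directories with the world-writable bit set (e.g. mode 777)
# Assumption: include files are *.inc files or anything below a directory
# named inc, include or includes. Adjust the patterns to the application.

audit_docroot() {
    root=$1
    # Include files reachable under the document root (paths relative to it).
    ( cd "$root" && find . -type f \( -name '*.inc' -o -path '*/inc/*' \
        -o -path '*/include/*' -o -path '*/includes/*' \) ) |
        sort | sed 's/^/EXPOSED-INCLUDE /'
    # World-writable entries; symlinks are skipped because their mode bits
    # are always rwxrwxrwx and carry no meaning.
    ( cd "$root" && find . ! -type l -perm -0002 ) |
        sort | sed 's/^/WORLD-WRITABLE /'
}

# Constructed sample tree, so the script runs without a real site.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/htdocs/includes" "$dir/htdocs/uploads" "$dir/lib"
    echo '<?php $db_pass = "example"; ?>' > "$dir/htdocs/config.inc"
    echo '<?php // helper ?>' > "$dir/htdocs/includes/db.php"
    echo '<?php // page ?>' > "$dir/htdocs/index.php"
    echo '<?php // kept outside the document root ?>' > "$dir/lib/db.inc"
    chmod 644 "$dir/htdocs/config.inc" "$dir/htdocs/includes/db.php" \
        "$dir/htdocs/index.php" "$dir/lib/db.inc"
    chmod 755 "$dir/htdocs" "$dir/htdocs/includes" "$dir/lib"
    chmod 777 "$dir/htdocs/uploads"
    echo "$dir"
}

sample=$(make_sample_tree)
audit_docroot "$sample/htdocs"
rm -rf "$sample"
```

Anything reported as EXPOSED-INCLUDE belongs outside the document root (like lib/db.inc in the sample tree), and anything reported as WORLD-WRITABLE should be owned by the right user with a tighter mode instead.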