I don't think PHP's secure by design, because they allow developers to be vulnerable by some of PHP's defaults. And actually Pert Soomann pointed one of them out.
Although I don't believe that's an issue in new versions of PHP.
And now-a-days I believe it's mostly developers' fault for insecure PHP applications. Especially since PHP-7.2.x ships with lobsodium for cryptography, htmlentities for XSS protection, filter_var for both validating and sanitizing variables(I don't see many apps use this though).
I believe the fighting / pushing back comes down to mostly outside factors.
I'm sure between two of us, as "competing" PHP framework developers, we could have a civilised debate and come up with scenarios where Laravel is good to use, and where it's not so good to use, and where CodeIgniter is good to use, or not as good to use.
But add a deadline with real project to the mix, and suddenly it's not about "ideal scenario" anymore. Now it's about knowing that you can do X amount in Y days with Z setup.
If there's supporting articles for your choice of tools, and loads of negative about all the alternatives, it's much easier to convince your boss to go with your preference.
So I believe most developer fights are really about just wanting to make more positive noise about their own toolset, and also some want to make loads of negative noise about competing frameworks / languages / technology.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
PHP isn't secure by design. But this isn't about choosing a different language. :)
Examples to back this statement up?
I don't think PHP's secure by design, because they allow developers to be vulnerable by some of PHP's defaults. And actually Pert Soomann pointed one of them out.
Although I don't believe that's an issue in new versions of PHP.
And now-a-days I believe it's mostly developers' fault for insecure PHP applications. Especially since PHP-7.2.x ships with lobsodium for cryptography, htmlentities for XSS protection, filter_var for both validating and sanitizing variables(I don't see many apps use this though).
The problem is between chair and table
I remember when they took variables from index.php?var=value and assigned $var automatically.
That was bad, but it was also 17 years ago.
These days most of PHP security issues come from interacting with other technologies, not from PHP itself.
Sadly, that doesn't matter if people will just parrot what other people said instead of properly learning a language and forming their own opinion.
I believe the fighting / pushing back comes down to mostly outside factors.
I'm sure between two of us, as "competing" PHP framework developers, we could have a civilised debate and come up with scenarios where Laravel is good to use, and where it's not so good to use, and where CodeIgniter is good to use, or not as good to use.
But add a deadline with real project to the mix, and suddenly it's not about "ideal scenario" anymore. Now it's about knowing that you can do X amount in Y days with Z setup.
If there's supporting articles for your choice of tools, and loads of negative about all the alternatives, it's much easier to convince your boss to go with your preference.
So I believe most developer fights are really about just wanting to make more positive noise about their own toolset, and also some want to make loads of negative noise about competing frameworks / languages / technology.