Security

[Immortalin]

Does this automatically prevents any of PHP's infamous security issues?

[chr15m]

No, I don't think so.

• A functional coding style and minimising mutation etc. will lead to less defects yes, but;

• The make-a-LISP code is a big PHP blob at the top of every script produced by frock, and I don't think it was written with security in mind - it's an educational exercise.

• All that fresh PHP code is more likely to increase the attack surface of a given script rather than reduce it.

• As stated in the README this really is a hack at the moment and has not been audited for security.

That said, if you're using this to experiment, or for privately hosted firewalled code or whatever, it's probably fine. "Barely functional" is how I would describe this codebase rather than "secure". :)

I would very much welcome security audits & patches to fix bugs of course, and I'm sure the upstream mal project would find that useful too!