Server side scripting and security

[cmccully]

Hi,

 

  I use PHP for my web site and am concerned with the security implications of this language. The recent month of PHP bugs has illustrated some of the problems with this language. However, what I am wondering is how PHP stacks up against other server side languages such as Perl and Python. I rarely hear about problems with these languages and I’m wondering if this is because they are becoming less prevalent or if they are inherently more secure, or am I simply oblivious. Obviously, how a language is used, such as not validating input can create serious security problems so we all need to be careful. I guess the question I have is: how much does security depend on the language in use and how much does it depend on us the programmer?

 

 

                      cmccully

 

[StormTheGates]

To be honest with you PHP is a very secure language if configured properly. As for other languages, ASP is a no-go. Any language that has a period of time where you can add a % at the end of a variable URL and see all the source code is deffinitly a no go. Perl is a very good and powerful language, although diminishing rapidly. Python is also good, however its prevalence is very limited, so getting assistance is hard.

 

I recomend PHP because there are alot of help sites, good documentations, and many many features and configurable options. Coupled with basic security software on your server I dont think youll ever encounter a problem.

[cmccully]

Thanks for the info!

 

 

 

                  cmccully

[marf]

You pretty well explained it well, but yes PHP seems the most Popular way to go.  As right now in the world of web building, competition is mainly between PHP and ASP, and in my opinion PHP is better at what it does. Obviously ASP and the .NET framework has its purposes. But PHP is awesome.