New to php

[jmoore2020]

hello everyone, I've just started learning php and i have a few questions...

 

How secure is php compared to other available languages?

would you use it for a ecommerce website or to manipulate sensitive information etc.

 

Is is possible for others to view your code?... my concern being for mysql logins

because you enter your user name and password directly in the code.

 

Is there a site that explains common security issues with php and secure coding tutorials.

 

 

Thanks in Advance,

Sincerely Jason 

[yzerman]

PHP is a secure as you make it. Nothing is 100% secure. Yes you can use it to manipulate all sorts of information.

 

It is only possible to view someone elses code if they have FTP access and download the files.

 

http://phpsec.org/

 

 

[teng84]

i believe all server side script is secure ! even if you run the page you on a browser you can only view data that are being echoed but script ? thats imposible

[prime]

I'm not sure how advanced you are..  So please take no offence if you are more advanced as I'm just going to explain soemthing just in case you didn't know already.

 

there are basicaly two types of scripting langauges, server side and client side

 

client side is very insecure as the scripts and hence all the source code runs on the client side and the client i.e user has access and ability to manipulate this code, a couple examles of client side scripting langauges are Javascript and Jscript

 

Server side scripting is very secure as the client does not have access to the source code, all they see is the resulting html none of the background processes, and though through holes someone might be bakle to hack into the site, server side langauges are inherantly a lot more secure, example of server side langauges are asp and of course php, and since php is open source I'd trust it a lot more than asp or other commercial software as you know no malicious company have hidden spyware into their programming, like microsoft have a habit of doing

[teng84]

I'm not sure how advanced you are..  So please take no offence if you are more advanced as I'm just going to explain soemthing just in case you didn't know already.

 

there are basicaly two types of scripting langauges, server side and client side

 

client side is very insecure as the scripts and hence all the source code runs on the client side and the client i.e user has access and ability to manipulate this code, a couple examles of client side scripting langauges are Javascript and Jscript

 

Server side scripting is very secure as the client does not have access to the source code, all they see is the resulting html none of the background processes, and though through holes someone might be bakle to hack into the site, server side langauges are inherantly a lot more secure, example of server side langauges are asp and of course php, and since php is open source I'd trust it a lot more than asp or other commercial software as you know no malicious company have hidden spyware into their programming, like microsoft have a habit of doing

 

are you talking to me

hmm seems like you just repeat what ive said 

[corbin]

This relates to what teng and prime said, but basically the only security problem is input from users....

 

As long as you check input correctly, PHP is very safe.

[prime]

I was replying to jmoore2020 I had read your reply until after I posted sorry I was on this page for a little.

 

I just figured a little in depth explanation of server side versus client side would be useful

[prime]

exactly as corbin just said

 

you could  create security holes by allowing people to upload files with code, and then letting them execute that file on your server.

 

but then the security is lacking in your code

[yzerman]

i believe all server side script is secure ! even if you run the page you on a browser you can only view data that are being echoed but script ? thats imposible

 

Ever put a php file on a server without php installed or configured properly. Nothing is impossible.