jmoore2020 Posted October 12, 2007 Share Posted October 12, 2007 hello everyone, I've just started learning php and i have a few questions... How secure is php compared to other available languages? would you use it for a ecommerce website or to manipulate sensitive information etc. Is is possible for others to view your code?... my concern being for mysql logins because you enter your user name and password directly in the code. Is there a site that explains common security issues with php and secure coding tutorials. Thanks in Advance, Sincerely Jason Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/ Share on other sites More sharing options...
yzerman Posted October 12, 2007 Share Posted October 12, 2007 PHP is a secure as you make it. Nothing is 100% secure. Yes you can use it to manipulate all sorts of information. It is only possible to view someone elses code if they have FTP access and download the files. http://phpsec.org/ Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367609 Share on other sites More sharing options...
teng84 Posted October 12, 2007 Share Posted October 12, 2007 i believe all server side script is secure ! even if you run the page you on a browser you can only view data that are being echoed but script ? thats imposible Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367614 Share on other sites More sharing options...
prime Posted October 12, 2007 Share Posted October 12, 2007 I'm not sure how advanced you are.. So please take no offence if you are more advanced as I'm just going to explain soemthing just in case you didn't know already. there are basicaly two types of scripting langauges, server side and client side client side is very insecure as the scripts and hence all the source code runs on the client side and the client i.e user has access and ability to manipulate this code, a couple examles of client side scripting langauges are Javascript and Jscript Server side scripting is very secure as the client does not have access to the source code, all they see is the resulting html none of the background processes, and though through holes someone might be bakle to hack into the site, server side langauges are inherantly a lot more secure, example of server side langauges are asp and of course php, and since php is open source I'd trust it a lot more than asp or other commercial software as you know no malicious company have hidden spyware into their programming, like microsoft have a habit of doing Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367619 Share on other sites More sharing options...
teng84 Posted October 12, 2007 Share Posted October 12, 2007 I'm not sure how advanced you are.. So please take no offence if you are more advanced as I'm just going to explain soemthing just in case you didn't know already. there are basicaly two types of scripting langauges, server side and client side client side is very insecure as the scripts and hence all the source code runs on the client side and the client i.e user has access and ability to manipulate this code, a couple examles of client side scripting langauges are Javascript and Jscript Server side scripting is very secure as the client does not have access to the source code, all they see is the resulting html none of the background processes, and though through holes someone might be bakle to hack into the site, server side langauges are inherantly a lot more secure, example of server side langauges are asp and of course php, and since php is open source I'd trust it a lot more than asp or other commercial software as you know no malicious company have hidden spyware into their programming, like microsoft have a habit of doing are you talking to me hmm seems like you just repeat what ive said Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367625 Share on other sites More sharing options...
corbin Posted October 12, 2007 Share Posted October 12, 2007 This relates to what teng and prime said, but basically the only security problem is input from users.... As long as you check input correctly, PHP is very safe. Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367627 Share on other sites More sharing options...
prime Posted October 12, 2007 Share Posted October 12, 2007 I was replying to jmoore2020 I had read your reply until after I posted sorry I was on this page for a little. I just figured a little in depth explanation of server side versus client side would be useful Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367630 Share on other sites More sharing options...
prime Posted October 12, 2007 Share Posted October 12, 2007 exactly as corbin just said you could create security holes by allowing people to upload files with code, and then letting them execute that file on your server. but then the security is lacking in your code Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-367632 Share on other sites More sharing options...
yzerman Posted October 16, 2007 Share Posted October 16, 2007 i believe all server side script is secure ! even if you run the page you on a browser you can only view data that are being echoed but script ? thats imposible Ever put a php file on a server without php installed or configured properly. Nothing is impossible. Link to comment https://forums.phpfreaks.com/topic/72885-new-to-php/#findComment-370494 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.