  1. #1

    How confident are you in the security of your PHP?

    Hello!

    I am learning PHP again and I always hear there are so many security risks and things you have to make sure you cover. How long does it take to write secure code and will PHP code ever be bulletproof? When you guys write PHP, do you feel like it is very secure and how long did it take to feel that way? Right now whatever I write feels like it probably is very weak. When you talk about PHP security, is the main issue about hackers getting into the database and people crashing your servers (by spamming searches with bots and loops)? Are there any other issues?

    Does ASP have security risks? I don't hear that much about it, even though they serve the same purpose?

    Are these good links to learn about PHP security? Any others?
    http://php.net/manual/en/security.php
    http://phpsec.org/projects/guide/1.html
    Last edited by RonnyNishimoto; 07-19-2012 at 10:10 PM.

  • #2
    Master Coder felgall's Avatar
    PHP itself is reasonably secure so as long as you write your code properly you shouldn't have any problems. The security issues all relate to slack coding and so are equally applicable to ANY language and the only reason that PHP gets mentioned is that more people who don't know how to code properly use PHP than use the alternatives.

    The thing I have noticed that causes most security issues is that people forget to validate the inputs before they start processing them. Even where that doesn't produce security issues it still allows junk values to be entered and processed. If all user inputs are properly validated and all outputs are appropriately escaped when necessary then the risk of any security issues is reduced to a minimum without having started on adding any code specifically for security.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    RonnyNishimoto (07-19-2012)

  • #3
    Thank you!

  • #4
    Senior Coder Dormilich's Avatar
    For validating the User Input, check out PHP’s Filter Functions.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer
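
Added example, not part of any post in this thread: a sketch of the advice in posts #2 and #4, validating input with PHP's filter functions and escaping at output. The function names `validate_profile` and `e`, the form fields and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate a submitted profile form.
// Returns [clean, errors]; only values that passed every check reach $clean.
function validate_profile(array $input): array
{
    $spec = [
        'email'   => FILTER_VALIDATE_EMAIL,
        'age'     => ['filter'  => FILTER_VALIDATE_INT,
                      'options' => ['min_range' => 13, 'max_range' => 120]],
        'website' => FILTER_VALIDATE_URL,
        'name'    => FILTER_UNSAFE_RAW, // free text: kept as-is, escaped at output
    ];
    // With add_empty = true, missing keys come back as null; failed filters as false.
    $result = filter_var_array($input, $spec, true);

    $clean = $errors = [];
    foreach ($result as $field => $value) {
        if ($value === null || $value === false) {
            $errors[] = $field;
            continue;
        }
        // FILTER_VALIDATE_URL checks syntax only, so allow-list the scheme too.
        if ($field === 'website') {
            $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)) { $errors[] = $field; continue; }
        }
        // Free text still gets a presence and length check (limit is an assumption).
        if ($field === 'name' && (trim($value) === '' || strlen($value) > 100)) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Escape for an HTML body or quoted-attribute context at the point of output.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$submitted = ['email' => 'ronny@example.com', 'age' => '17',
              'website' => 'ftp://example.com/file', 'name' => '<b>Ronny</b> & "friends"'];
[$clean, $errors] = validate_profile($submitted);
echo '<p>Hello, ' . e($clean['name'] ?? 'guest') . "</p>\n";
echo '<p>Rejected fields: ' . e(implode(', ', $errors)) . "</p>\n";
```

Values headed for a database still need prepared statements; `htmlspecialchars` only covers HTML output.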

  • #5
    Take a look at this http://ha.ckers.org/xss.html
    Subscribe to a channel dedicated to helping people learn HTML, PHP & CSS.
    http://www.youtube.com/user/RanTutorials

