Web Design Forums

freelancr · 09-03-2008, 05:45

Quote:

Originally Posted by hobolooter

haha if you think php is secure, you have a lot to learn grasshopper.

The earth is flat. It must be true because I said it on a forum.

freelancr · 09-03-2008, 05:55

Quote:

Originally Posted by Hunch

Why would you assume that? By all means argue the point, but don't just make stuff up. I might not know much about many things, but I was programming before you were born, grasshopper.

Instead of writing spin, just provide me with some examples of why PHP is insecure...

Sure you have said compiled languages are more secure, but your reasoning for that was in case someone managed to get access to the server - which was a bit of a lame argument because someone looking at your source is the least of your troubles when they have control over your server. So to twarte that there are things like Zend guard, or roadsend, which make the source so it is not human readable.

If you think PHP isn't secure, just explain why?

I feel you are making the mistake of comparing the language to applications previously written for it. Just because some n00b writes a pos like PHP Nuke really badly, and people hack it, does not mean PHP isn't secure.

There are plenty of multi-million pound companies, who operate soley online, making use of PHP for their ecommerce websites. If PHP is in secure, why is it so popular for such applications?

Larixk · 09-03-2008, 06:59

^I'm with freelancr here.

As a lame example: There's nothing insecure about this in php:

Code:

<?php
  echo "hello world";
?>

so using php isn't inherently insecure.

It only becomes insecure because it's easy to not validate user input, prevent mysql-injections or xss, or secure private data.
PHP has the lowest learning curve of all the major languages used for web-dev. This makes it an excellent choice for starting developers without a clue of security:
The starting developer hacks up something extremely crappy, but it works. He is amazed by his talents and releases the app, proudly stating he's a php-developer. But after a few months, his site gets exploited to bits and people notice how this php-developer built an insecure load of crap.
After this happened quite some times php got the name of being insecure while a great developer is still able to build a really strong app with it.

MikeMackay · 09-03-2008, 09:10

Quality thread

- Mike

09-03-2008, 06:59	#43 (permalink)
Larixk Senior Member Join Date: Sep 2006 Location: Utrecht, Netherlands Posts: 933	^I'm with freelancr here. As a lame example: There's nothing insecure about this in php: Code: <?php echo "hello world"; ?> so using php isn't inherently insecure. It only becomes insecure because it's easy to not validate user input, prevent mysql-injections or xss, or secure private data. PHP has the lowest learning curve of all the major languages used for web-dev. This makes it an excellent choice for starting developers without a clue of security: The starting developer hacks up something extremely crappy, but it works. He is amazed by his talents and releases the app, proudly stating he's a php-developer. But after a few months, his site gets exploited to bits and people notice how this php-developer built an insecure load of crap. After this happened quite some times php got the name of being insecure while a great developer is still able to build a really strong app with it. __________________

09-03-2008, 09:10	#44 (permalink)
MikeMackay Everything is fine. Join Date: Feb 2005 Location: Witham & London Posts: 744	Quality thread - Mike __________________ Mike Mackay: Web Developer - LinkedIn - FutureTweets; Easily create and schedule your Twitter posts

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)