|
|
Posted by Jerry Stuckle on 02/27/07 16:25
walterbyrd wrote:
> I honestly don't know. But, I have seen articles and posts about how
> PHP is terribly insecure. I don't usually see comparisons to other
> common web languages.
>
> I think the big vulnerablity is supposed to be code injections.
>
> Another security issue would be having code stolen, but I think that
> PHP can be protected from that.
>
> Obviously, I don't know a lot about it.
>
Walter,
As Mike says, it's only as secure as you write it. To elaborate a
little more:
Security is not really a language issue - any language can be insecure,
even a compiled one such as C/C++. And any language can be secure.
All scripting languages tend to be less secure only because the source
code is there to see. Anyone with physical access to the server
physically or through non-web routes such as telnet/ssh or ftp can get
that source code (this includes hosting companies). Sure, they can get
a compiled code also - but that takes a lot more work to figure out
what's going on.
The only "secret" to security is the same in all languages. Understand
the language. Understand the vulnerabilities (such as SQL injection - a
potential problem in ANY language when you're using a SQL database).
And understand how to secure your code against those vulnerabilities.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|