Posted by Paul Waring on 09/28/97 11:31

On Mon, Nov 07, 2005 at 01:50:59PM -0800, Richard wrote:
> I've heard that php is not particularly secure, making it problematic if you
> intend to create a web site with commerce, etc. Is there a particular news
> group that addresses security issues? I'm looking for some guidlines on
> ensuring that my site is secure from malicious hackers.

Other people have already addressed issues about writing secure code,
but if you're concerned about PHP itself being inherently insecure you
could always take a look at Hardened-PHP:

http://www.hardened-php.net/

I haven't used it myself, so can't vouch for how secure it actually is.
Obviously any system is only going to be as strong as its weakest link,
so if you have users with guessable passwords then you'd want to address
that before worrying about whether PHP is secure or not (and of all the
vulnerabilities that I've seen exploited on servers, the two major
problems are insecure scripts - such as phpBB - not being kept up to
date, and users choosing poor passwords or giving out their login
details to other people).

Paul

--
Rogue Tory
http://www.roguetory.org.uk

[Back to original message]