Vista to Vista

 
Home > PHP Programming Information > PHP Programming Knowledge Base > Can anyone tell me if the security of Php Programming language is strong. Thank you very much.?

Can anyone tell me if the security of Php Programming language is strong. Thank you very much.?

Public Comments

  1. PHP has good tools to ensure security, but it doesn't stop there. Is the web server which it is running on properly secured? Is the machine on which the web server properly secured?
  2. php has a function for encrypting passwords called md5. Its a complex hashing algorithm. But, a websites security is only as good as the programming that goes into it. You need to account for SQL injection, programming bugs, etc.
  3. Yes! PHP is a very strong language. This language was designed specifically for designing dynamic webpages, so every security breach known has been taken into consideration. That being said, as a programmer, webmaster (and often times server admin) you need to understand the possible problems and how to implement the fixes. It's pretty much impossible to hack a php script by doing the common attacks, such as a buffer overflow. However, you have to take care of other things, such as making sure you encrypt passwords, you store data in a password protected database, you give appropriate permissions to the files on the server, and that you encrypt your site using SSL. These days, all top level server side scripting languages (php, asp, perl...) are top notch in the security department. What it comes down to is you knowing how to use it. Do you have a specific concern or issue? Or a more specific security question? Please elaborate if you need more info.
  4. Security in PHP is only as strong as the programmer. If you have a keen eye and can identify potential security vulnerabilities then yes PHP can be very secure. On the other hand if you have no concept of security then the scripts you create will most likely be riddled with security bugs. For example 1 of the biggest security bugs is called an XSS (Cross Site Scripting). This is caused by a programmer not validating user input properly and then outputting what that user has used. There are 2 ways to combat this:- 1) When outputting user data use functions such as htmlentities() 2) To validate users input properly. For example if you ask for someons age then only accept numbers (may sound obvious but many people get things like this wrong). Another cause for security vulnerabilities are SQL injection. Some examples of combating this are:- 1) Use stored procedures 2) Validate user input 3) Use mysql_real_escape_string on the values you input to the databae. Obviously this is purely for a mysql database, this is not necessary when using a stored procedure.
Powered by Yahoo! Answers

Amazon.com