I don't know much about PHP, but I was woundering how secure it is for tasks like holding user infromation and passwords, etc.
Can anyone offer shed some light here?
Printable View
I don't know much about PHP, but I was woundering how secure it is for tasks like holding user infromation and passwords, etc.
Can anyone offer shed some light here?
PHP is secure... to a point. It's completely invisible to the user when executed as a file on the web. But a determined hacker could probably get it, no matter what. But it's definitely better then JavaScript for password/username validation.
Example:
would be outputted on the web as "test". Even if you hit view source, you'd only see the "test".Code:<?php echo "test"; ?>
Only if you either show them the source code, or they gain access to your server (which your php scripts are hosted on). Although, if you have any decent webhost, you shouldn't need to worry too much about this.Quote:
Originally Posted by mburt
Hope this helps.
Bingo. Try typing in Index Of: /etc in googleQuote:
or they gain access to your server (which your php scripts are hosted on)
Wow, that's a lot of sites. They either run their own server, or have crappy webhosts/ISPs, or both!
Is there a way to check if my site is one of them?:confused:Quote:
Originally Posted by mburt
yes, create a directory with some random files in it, none called index or something that will redirect the browser if you type in http://www.whatever.com/directory/
And if when you type that in it shows a list of all the files in the directory then they could get access to your php scripts.
On my webhost (streamline.net) it says cannot show directory contents.
I seem to be safe...
Index of: etc/ site:boxxer.mooo.com
PHP has a long history of security issues. It's widely considered rather insecure.
PHP flaws aside, though, it's as secure as you write it.
More secure than javascript. Heck, javascript doesn't even try to be secure.