Is PHP secure?

**Jas** · 04-01-2007, 12:49 AM

I don't know much about PHP, but I was woundering how secure it is for tasks like holding user infromation and passwords, etc.

Can anyone offer shed some light here?

**mburt** · 04-01-2007, 01:10 AM

PHP is secure... to a point. It's completely invisible to the user when executed as a file on the web. But a determined hacker could probably get it, no matter what. But it's definitely better then JavaScript for password/username validation.

Example:

Code:

<?php echo "test"; ?>

would be outputted on the web as "test". Even if you hit view source, you'd only see the "test".

**thetestingsite** · 04-01-2007, 02:12 AM

Originally Posted by mburt

But a determined hacker could probably get it, no matter what.

Only if you either show them the source code, or they gain access to your server (which your php scripts are hosted on). Although, if you have any decent webhost, you shouldn't need to worry too much about this.

Hope this helps.

**mburt** · 04-01-2007, 02:41 AM

or they gain access to your server (which your php scripts are hosted on)

Bingo. Try typing in Index Of: /etc in google

**thetestingsite** · 04-01-2007, 02:43 AM

Wow, that's a lot of sites. They either run their own server, or have crappy webhosts/ISPs, or both!

**joycie** · 04-01-2007, 08:16 AM

Originally Posted by mburt

Bingo. Try typing in Index Of: /etc in google

Is there a way to check if my site is one of them?

**killerchutney** · 04-01-2007, 11:16 AM

yes, create a directory with some random files in it, none called index or something that will redirect the browser if you type in http://www.whatever.com/directory/

And if when you type that in it shows a list of all the files in the directory then they could get access to your php scripts.

On my webhost (streamline.net) it says cannot show directory contents.