Comments on: PHP Security: Dumb Users or Dumb APIs?

By: crfzorgmzx

crfzorgmzx — Wed, 24 Jan 2007 09:30:29 +0000

By: planderman

planderman — Sat, 13 Jan 2007 21:41:00 +0000

It seems like there’s a lot of php security risks when it comes to accepting input from a Web site or displaying data on a Web site. I doubt there’s any way to prevent them all, but is there a way to stop the top threats, maybe the top 5 threats?

By: Hl4bFeK6tO

Hl4bFeK6tO — Thu, 06 Jul 2006 02:00:20 +0000

uQtIgOAlE6KM qEgJ1S3mhQ B3o6TVDytknP15

By: Icheb

Icheb — Sat, 28 Jan 2006 04:56:33 +0000

So what’s you’re point sir?

My eyes hurt after having to read that sentence.

By: RodeWorks » PHP Security

RodeWorks » PHP Security — Fri, 27 Jan 2006 18:26:38 +0000

[...] SitePoint Blogs » PHP Security: Dumb Users or Dumb APIs? [...]

By: WebDevGuy

WebDevGuy — Fri, 27 Jan 2006 14:34:22 +0000

If people don’t take the time to learn the correct way to do something, …

The problem with that is where do you go to learn? One expert might do it this way and another expert another way.

This is what I meant when I said earlier that until there is one recognized authority, it will be every man for himself.

I am NOT advocating everyone give up their freedom and I am not saying we have to have a more secure base PHP be default.

What I am saying is that everyone needs to educate themselves but in a standard way from an authoritative source. That source would consist of of 8 – 10 experts agreeing on a common way to overcome security isses.

You might laugh and say, we can’t get 8 – 10 people to agree on that. If you do…you have restated the problem I am raising.

By: Techniek » Projecten PHP en beveiliging

Techniek » Projecten PHP en beveiliging — Fri, 27 Jan 2006 08:24:19 +0000

[...] PHP is echter van nature niet zo veilig. Als je niet uitkijkt hoe je programmeert krijg je te maken allerlei ongein zoals Cross Site Scripting attacks (XSS), Session hijacking en vooral ook SQL injection. [...]

By: malikyte

malikyte — Thu, 26 Jan 2006 20:31:56 +0000

Nick, the unfortunate thing is that it still comes back to PHP itself. With your dynamite example:

1.) You can try to make some dynamite from scratch, buying all the chemicals, mixing it all together, pouring it into the candles…

…OR…

2.) You buy a kit with simple instructions and safety precautions.

#2 doesn’t necessarily mean that it’s never going to be unsafe, but it’s a better chance that you’d have less problems because you don’t have to worry about the deep down nitty gritty stuff. This is something like PHP (#1) and ASP.NET (#2).

Personally, I prefer PHP over ASP.NET (using C#), but that’s just me.

By: Nick

Nick — Thu, 26 Jan 2006 16:50:16 +0000

Screw the newbies. If you read a book on dynamite, then go out and try to make some, you are a fool (likely a a dead or deformed fool at this point). Same logic applies here IMHO. If people don’t take the time to learn the correct way to do something, they have no one to blame but themselves for the eventual repercussions. This is not a discussion about the security (or lack thereof) in PHP, but rather human nature in general. Just my $0.02.

By: Cyberborean Chronicles » Blog Archive » [Links:] Jan, 26 2006

Cyberborean Chronicles » Blog Archive » [Links:] Jan, 26 2006 — Thu, 26 Jan 2006 07:59:23 +0000

[...] Sitepoint blogs: PHP Security: Dumb Users or Dumb APIs? [...]