SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Question "ASP is more secure than PHP"

    "ASP is more secure than PHP" what are your thoughts?

    ro0bear

  2. #2
    SitePoint Zealot
    Join Date
    Jul 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can't really ask that.. it will always depend on the coder. PHP is always associated with security issues because it's accessibility to newer, more novice "coders." A PHP application done right can be as secure as any ASP.NET application.

  3. #3
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DanSEO View Post
    You can't really ask that.. it will always depend on the coder. PHP is always associated with security issues because it's accessibility to newer, more novice "coders." A PHP application done right can be as secure as any ASP.NET application.
    Thats what I suspected, but knowing only PHP, I wanted to check, as somone I was speaking to was adimant that ASP.NET was more secure.

  4. #4
    SitePoint Addict Robert_2006's Avatar
    Join Date
    Jun 2006
    Location
    Tarpon Springs Fl.
    Posts
    265
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've delt with this before myself and it's normally asp coders that are un accepting of any other type of coding. It all depends on the coder like was mentioned.

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,836
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    It all depends on the program that is written using either language. Neither language is any more or less insecure than the other if the coding is done properly.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,635
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    ^^^That is the big if. It is definitely much easier to create a PHP app with glaring security holes than to create an ASP.NET app with glaring security holes. That said, you can shoot yourself in the foot with either language easily enough.

  7. #7
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,836
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    ^^^That is the big if. It is definitely much easier to create a PHP app with glaring security holes than to create an ASP.NET app with glaring security holes. That said, you can shoot yourself in the foot with either language easily enough.
    What about a PHP.NET app? How would that compare with regard to the ease of creating security holes?
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  8. #8
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,635
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Never really worked with it, so I can't say for certain. I would guess that you are probably halfway in between. You will still pick up alot of the underlying security features from the way .NET handles Http and you will be working in a type-save CLR environmnent, but you can still have lots of the top-of-the-stack issues PHP is famous for if you don't follow good coding practices otherwise.

    Side Note: what is the fetish with PHP.NET? I can't think of anyone using it in production these days . . .

  9. #9
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,836
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The fact that PHP.NET exists demonstrates that PHP and .NET are two totally different things and comparing them is meaningless.

    What you would need to do is to compare vb.net, jscript.net, c++.net, php.net etc

    or compare all the same languages running in a different environment.

    Neither of those layers is the one where all the security issues occur either - they all happen at the application program level and the security or otherwise of the programs is relative to the experience of the people writing the programs. If you have experienced programmers writing the programs then there will be minimal security issues regardless of the language.

    The least secure languages are therefore the ones that the newbies choose to use BECAUSE they are chosen to be used by newbies rather than because the languages themselves are insecure.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  10. #10
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Most of the responsibility of maintaining secure applications belongs to the coder. You can write bad code in any language.

    Be that as it may, some languages seem to be more conducive to having security holes, based on the kind of features available to them and whatever the standard coding practices are. Take for example features such as register_globals and allow_url_fopen in PHP - they don't automatically create security holes but if you are not extremely careful you can leave the application wide open. Features such as this should be phased out because they make it entirely too easy to make a mistake. Fortunately, they were removed.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •