On Mon, Nov 07, 2005 at 01:50:59PM -0800, Richard wrote: > I've heard that php is not particularly secure, making it problematic if you > intend to create a web site with commerce, etc. Is there a particular news > group that addresses security issues? I'm looking for some guidlines on > ensuring that my site is secure from malicious hackers. Other people have already addressed issues about writing secure code, but if you're concerned about PHP itself being inherently insecure you could always take a look at Hardened-PHP: http://www.hardened-php.net/ I haven't used it myself, so can't vouch for how secure it actually is. Obviously any system is only going to be as strong as its weakest link, so if you have users with guessable passwords then you'd want to address that before worrying about whether PHP is secure or not (and of all the vulnerabilities that I've seen exploited on servers, the two major problems are insecure scripts - such as phpBB - not being kept up to date, and users choosing poor passwords or giving out their login details to other people). Paul -- Rogue Tory http://www.roguetory.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
