On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote:
Eric Gorr wrote:
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
Eric Gorr wrote:
I've heard some concern expressed that PHP might be more
insecure then
other methods of developing website where security was of prime
importance. Now, I personally do not believe this, but it would
help me
to convince others if I could point to major sites, where security
(mostly with respect to the user authentication system) was
extremely
important (financial sites, etc.) and where PHP was the primary
development platform.
google, yahoo.
For their user authentication system? Session management? Everything?
Don't suppose there would be any URL (press release, just general
info,
etc.) with that information?
for the rest search Zend.com or your favorite sdearch engine
Thanks.
While zend.com, etc. will tell me who is using PHP, they do not
generally state exactly how it is being used and, as much as the
who, it
is the how that is important.
ah right - please ignore my post - I wasn't really reading your
question properly,
my apologies
Well, if you do not know the answer to my particular question, I'm
curious how might you respond to someone who says:
PHP has to many security issues and should not be used with a
user authentication system.
We should use XXX.
You are not allowed to say 'Well, you're wrong. PHP is as secure as
anything else.' without explaining why.
Or, would you agree with the statement? Is there an 'XXX' that should
be used instead of PHP?
Given the limited number of options for maintaining state
information, I would be hard pressed to see how any language could be
inherently more security or why one could not write PHP code which
implemented the same techniques as 'XXX'.
(No, I do not know what 'XXX' might be.)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
