
exactly how secure is php?

hi, i was wondering exactly how secure php really is. im on bout page 20 of my book, and im experimenting and i whipped up this:

http://216.36.173.149/php%20work/login.php <– sorry, only works when my comp is on

now, there is no way to hack this by looking at source(that i can c), other than hacking the server sumhow, but is php really that secure? i mean, if thats all u need to do 2 make a secure login…
-Dan

PHP

20 Comment(s)

@Conor Feb 29.2004 — why are you using method=GET for a password? i recommend POST, remember that it defaults to GET.

@Daniel_T (author) Feb 29.2004 — Originally posted by RefreshF5:

> why are you using method=GET for a password? i recommend POST, remember that it defaults to GET.

oh, ill specify the method then.

@Nevermore Feb 29.2004 — The code is secure; to get the password one would have to listen in on the communication - to avoid this you would have to encrypt with SSL or something of that ilk.

@Daniel_T (author) Feb 29.2004 — Originally posted by cijori:

> The code is secure; to get the password one would have to listen in on the communication - to avoid this you would have to encrypt with SSL or something of that ilk.

yes, i noticed that when u go through, it displays the entered username and password in the address bar. but its still pretty amazing that such a small script can b that secure. PHP ROCKS!!!

-Dan

btw, the password and username are both 'dan'

@Nevermore Feb 29.2004 — The reason that it displays them in the address bar is that you're using GET to send the form. Using POST is much more secure because it doesn't display them there.

@Daniel_T (author) Feb 29.2004 — yes, i see that. btw, how would sum1 go about doing this 'encrypting the communication'?

-Dan

@Nevermore Feb 29.2004 — With SSL or a Java applet.

@Daniel_T (author) Feb 29.2004 — SSL as in Server Side Language?

@Nevermore Feb 29.2004 — Secure Socket Layer (I think)

@Daniel_T (author) Feb 29.2004 — ok, do u know of a good article sumwhere that would tell me how to do this?

@The_Cheat Feb 29.2004 — try accessing the form page with the same url except https://

if your server supports ssl then i think that should work, (i could be wrong though) ... contact your web host provider.....

@Daniel_T (author) Feb 29.2004 — Originally posted by The Cheat:

> try accessing the form page with the same url except https://
>
> if your server supports ssl then i think that should work, (i could be wrong though) ... contact your web host provider.....

i tried doing that just now, but it said 'the connection was refused when attempting to contact 216.36.173.149.' as for web host provider, i am running it off my computer, so i dont have a host.

-Dan

@Nevermore Mar 01.2004 — To use SSL would require a server supporting it (e.g. Apache) and a certificate. Well, technically I don't think you need the certificate, but you're meant to. You would need to talk to someone who knows more.

@patpawlowski Mar 01.2004 — Normally if someone was hosting your page and they had ssl installed you would simply access the page via https:// instead of http://. That's all you would do differently. Do you plan on hosting your own secure web page? If so then you would need to check your web server documentation to see how to administer it.

@Daniel_T (author) Mar 01.2004 — no, i dont plan on hosting my own, im just using my own for testing. but it still would b nice to have evrything installed on it even just for testing purposes.

-Dan

@patpawlowski Mar 02.2004 — I'm not much help there. What type of server are you running? Linux, Windows, Apache, IIS?

@Daniel_T (author) Mar 02.2004 — Originally posted by patpawlowski:

> I'm not much help there. What type of server are you running? Linux, Windows, Apache, IIS?

i'm running apache 2. here's my server url: http://216.36.173.149/. there's no index page, so dont expect 2 find much

-Dan

@patpawlowski Mar 02.2004 — If you are running it on a linux box you might try posting @ linuxquestions.org. It is a very similar board to this and they should be able to help you get apache configured for ssl.

@crh3675 Mar 02.2004 — You can create a self-signed digital certificate using the OpenSSL package. Read this article here: http://www.pseudonym.org/ssl/ssl_server_certs.html

Of course, you will need OpenSSL installed and you will have to modify your httpd.conf file to accept the certificate. It can get hairy!
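
The two steps described in the post above (create a self-signed certificate with OpenSSL, then point httpd.conf at it), as an added example that is not part of the original thread. The file names `server.key` and `server.crt`, the host name and the output directory are assumptions, and mod_ssl must already be loaded in Apache.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): self-signed certificate for a local
# test server plus matching Apache mod_ssl directives.
# Assumed names: server.key / server.crt, and the host and directory you pass.

make_selfsigned() {            # $1 = host name, $2 = output directory
    local host="$1" dir="$2"
    mkdir -p "$dir" || return 1
    # New 2048-bit RSA key and a self-signed X.509 certificate, valid 365 days.
    # -nodes leaves the key unencrypted so Apache starts without a passphrase
    # prompt; acceptable on a test box, so restrict the file mode instead.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=${host}" \
        -keyout "${dir}/server.key" -out "${dir}/server.crt" 2>/dev/null \
        || return 1
    chmod 600 "${dir}/server.key"
}

is_self_signed() {             # $1 = certificate file
    # Issuer equals subject: no CA vouches for the certificate, so browsers
    # warn until it is trusted by hand. Traffic is still encrypted.
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

apache_ssl_snippet() {         # $1 = host name, $2 = certificate directory
    # Directives to add to httpd.conf (mod_ssl must already be loaded).
    cat <<EOF
Listen 443
<VirtualHost *:443>
    ServerName $1
    SSLEngine on
    SSLCertificateFile $2/server.crt
    SSLCertificateKeyFile $2/server.key
</VirtualHost>
EOF
}

# Usage: ./mkcert.sh localhost /path/to/ssl
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" && is_self_signed "$2/server.crt" \
        && apache_ssl_snippet "$1" "$2"
fi
```

After adding the printed directives, `apachectl configtest` checks the syntax before Apache is restarted.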

@Daniel_T (author) Mar 02.2004 — Originally posted by crh3675:

> You can create a self-signed digital certificate using the OpenSSL package. Read this article here: http://www.pseudonym.org/ssl/ssl_server_certs.html
>
> Of course, you will need OpenSSL installed and you will have to modify your httpd.conf file to accept the certificate. It can get hairy!

yes, i was reading about some of the choices as to ssl, and i ended up downloading openssl, as it seemed to b what i wuz looking for. thank u for that link, crh, i will definitely check that out

-Dan