PHP HAS SECURITY HOLES? ASP DOESN'T?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
alimax
Forum Newbie
Posts: 6
Joined: Fri Dec 06, 2002 6:30 am

PHP HAS SECURITY HOLES? ASP DOESN'T?

Post by alimax »

Hi

I am developing a small PHP app for a client who's host has advised them that they won't support PHP due to the major security risks of PHP. They will however support ASP. Anyone know about this?

Thanks
User avatar
releasedj
Forum Contributor
Posts: 105
Joined: Tue Jun 17, 2003 6:35 am

Post by releasedj »

Interesting. Maybe their host hasn't upgraded to a later version of PHP, and therefore has a versions that was found to have a security hole.

Whenever PHP has a security hole found, it is very quick in releasing a version that fixes it.

Other than that, their argument has no reasoning.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Ask them which major security risks and which PHP version they are referring to. See if they can tell you anything more detailed than that blanket statement.

Then get your client moved to a *nix host - lots more security holes on Windows platforms.

Mac
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

"there are major threats in general every- and anywhere. To protect out valuable customers we decided not to offer this kind of service"
means nothing more or less than "We don't like it" or "We committed ourself to another product"
User avatar
releasedj
Forum Contributor
Posts: 105
Joined: Tue Jun 17, 2003 6:35 am

Post by releasedj »

It's possible that they just don't want to install PHP on Windows or don't want to setup a Linux server or just don't have the resources to do this.

To state security as the reason is probably the best way to get the client off of their backs.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

and it's so easy to scare.
Took me about 10 seconds to find this page: http://www.iss.net/issEn/delivery/xforc ... =advise114

Is my data compromised now as my neighbour has IIS installed?
Damn I'm ruined
:-S
Post Reply