Page 1 of 1

PHP HAS SECURITY HOLES? ASP DOESN'T?

Posted: Tue Jun 24, 2003 6:03 am
by alimax
Hi

I am developing a small PHP app for a client who's host has advised them that they won't support PHP due to the major security risks of PHP. They will however support ASP. Anyone know about this?

Thanks

Posted: Tue Jun 24, 2003 6:33 am
by releasedj
Interesting. Maybe their host hasn't upgraded to a later version of PHP, and therefore has a versions that was found to have a security hole.

Whenever PHP has a security hole found, it is very quick in releasing a version that fixes it.

Other than that, their argument has no reasoning.

Posted: Tue Jun 24, 2003 7:07 am
by twigletmac
Ask them which major security risks and which PHP version they are referring to. See if they can tell you anything more detailed than that blanket statement.

Then get your client moved to a *nix host - lots more security holes on Windows platforms.

Mac

Posted: Tue Jun 24, 2003 7:11 am
by volka
"there are major threats in general every- and anywhere. To protect out valuable customers we decided not to offer this kind of service"
means nothing more or less than "We don't like it" or "We committed ourself to another product"

Posted: Tue Jun 24, 2003 7:15 am
by releasedj
It's possible that they just don't want to install PHP on Windows or don't want to setup a Linux server or just don't have the resources to do this.

To state security as the reason is probably the best way to get the client off of their backs.

Posted: Tue Jun 24, 2003 7:19 am
by volka
and it's so easy to scare.
Took me about 10 seconds to find this page: http://www.iss.net/issEn/delivery/xforc ... =advise114

Is my data compromised now as my neighbour has IIS installed?
Damn I'm ruined
:-S