The best way of implementing a PHP application
-
beckbapegeneral
- Forum Newbie
- Posts: 19
- Joined: Mon May 08, 2006 8:59 pm
Hi everyone, I am a .NET programmer here and now I am trying to learn PHP. In .NET, to ensure security in the application, we code the program on a 3-tier basis. But in PHP, how do you all actually do the coding in order to provide security and not allow external users to view your coding?
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
PHP scripts are processed on the server with their output being sent to the browser requesting it. The code that is inside the script is not available for the browser to see unless you allow it or use file extensions that aren't automatically handled by php's interpreter. For instance, if you saved a script as foo.inc and php only knew to process .php files, foo.inc's code would be accessible to a user's browser request. This is all assuming a fairly vanilla install of many things.
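The exposure feyd describes can be checked for on a server. This is an added example, not part of the original post: it walks a web root and reports files that contain PHP code but carry an extension the interpreter does not handle. The handled-extension set, the function names and the sample files are assumptions constructed for the illustration, and it presumes the web server returns unhandled files as static content.

```python
import os
import tempfile

# Assumption: the server hands only these extensions to the PHP interpreter
# (feyd's scenario). Adjust to match the handler mapping on your own server.
HANDLED_EXTENSIONS = {".php"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")

def find_exposed_sources(web_root, handled=HANDLED_EXTENSIONS):
    """Return paths (relative to web_root) of files that contain PHP code but
    whose extension is not processed by PHP, so a direct request for them
    would return the source text instead of executing it."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # executed server-side; source is not sent
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # opening tags normally appear early
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if any(tag in head for tag in PHP_OPEN_TAGS):
                exposed.append(os.path.relpath(path, web_root))
    return sorted(exposed)

def build_sample_root():
    """Constructed sample web root used to demonstrate the check."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "index.php": "<?php require 'foo.inc'; echo 'hi';",
        "foo.inc": "<?php $db_password = 'constructed-sample';",
        "backup/index.php.bak": "<?php echo 'old copy';",
        "static/style.css": "body { margin: 0 }",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for hit in find_exposed_sources(build_sample_root()):
        print("source would be served as plain text:", hit)
```

Files it reports can be renamed to a handled extension, moved outside the web root, or blocked in the web server configuration.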
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: The best way of implementing a PHP application
beckbapegeneral wrote: to ensure security in the application, we code the program in a 3-tier basis. but in php, how do you all actually do the coding in order to provide security, not allow external users to view your coding
The 3-tier architecture is less for security than to provide clear dependencies. In PHP you can implement a 3-tier architecture if you wish, but you need to provide your own discipline.
As feyd says, a properly configured server is the first step in security. Inside the application, probably the most important things in web applications (.NET or PHP) are to filter and validate all untrusted input and to filter and/or escape all untrusted data that you output.
(#10850)