The best way of implementing a PHP application
Posted: Mon May 08, 2006 9:13 pm
by beckbapegeneral
Hi everyone, I am a .NET programmer here and now I am trying to learn PHP. In .NET, to ensure security in the application, we code the program on a 3-tier basis. But in PHP, how do you all actually do the coding in order to provide security, not allow external users to view your coding?

Posted: Mon May 08, 2006 9:18 pm
by feyd
set up the server correctly and the script code won't be available to anyone but the administrators.
Posted: Mon May 08, 2006 9:23 pm
by beckbapegeneral
May I know what that means? Pardon me for asking so much.. just trying to learn more
Posted: Mon May 08, 2006 9:43 pm
by feyd
PHP scripts are processed on the server with their output being sent to the browser requesting it. The code that is inside the script is not available for the browser to see unless you allow it or use file extensions that aren't automatically handled by php's interpreter. For instance, if you saved a script as foo.inc and php only knew to process .php files, foo.inc's code would be accessible to a user's browser request. This is all assuming a fairly vanilla install of many things.
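The foo.inc case described in the post above can be checked for on a document root. The script below is an added example, not part of the original thread: it lists files that contain PHP open tags but whose extension is not mapped to the interpreter. The handled-extension set, the function names and the sample files are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Assumption: the server hands only these extensions to the PHP interpreter.
# Exact match, so a differently cased extension is flagged for review.
HANDLED_EXTENSIONS = {".php"}
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def find_exposed_sources(docroot, handled=HANDLED_EXTENSIONS):
    """List files (relative to docroot) holding PHP code the server would send as-is."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1] in handled:
                continue  # interpreter runs these; only their output reaches the browser
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # inspect at most the first 1 MiB
            if PHP_OPEN_TAG.search(data):
                exposed.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_tree(root):
    """Write a constructed sample document root (not taken from the thread)."""
    samples = {
        "index.php": "<html><?php include 'foo.inc'; echo greet(); ?></html>",
        "foo.inc": "<?php $db_pass = 'example-only'; function greet() { return 'hi'; }",
        "old/index.php.bak": "<?php echo 'old version';",
        "about.html": "<html><body>About us</body></html>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def audit_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_exposed_sources(root)


if __name__ == "__main__":
    for rel in audit_sample():
        print("would be served as source:", rel)
```

Files it reports should be renamed to a handled extension, moved outside the document root, or denied by the server configuration.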
Posted: Mon May 08, 2006 9:46 pm
by beckbapegeneral
ok.. I see.. so you are meaning to say that .php scripts are stored in the server.. but I thought that when doing PHP programming.. we are coding the PHP programming language in the HTML file just that we are naming it as .php?
Posted: Mon May 08, 2006 9:51 pm
by feyd
A PHP script file can include HTML yes, but the PHP code itself will not be transmitted with it. Instead the output of that PHP code will be intermixed in with the HTML based on where you laid the PHP.
Posted: Mon May 08, 2006 9:54 pm
by beckbapegeneral
okok.. now I understand.. thanks a lot for the guiding Modermonkey

Re: The best way of implementing a PHP application
Posted: Mon May 08, 2006 10:29 pm
by Christopher
beckbapegeneral wrote: to ensure security in the application, we code the program in a 3-tier basis. but in php, how do you all actually do the coding in order to provide security, not allow external users to view your coding

The 3-tier architecture is less for security than to provide clear dependencies. In PHP you can implement a 3-tier architecture if you wish, but you need to provide your own discipline.
As feyd says, a properly configured server is the first step in security. Inside the application, probably the most important things in web applications (.NET or PHP) are to filter and validate all untrusted input and to filter and/or escape all untrusted data that you output.