Importance of PHP5 for security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Post by WeezelDS

Hello,
I have a server running php 4.4.9 and I'm considering overhauling the site to get to php5 since the security updates have ended. This would be a major overhaul because large chunks of integrated code are not php5 compliant. I really haven't been johnny on the spot w/ updating php updates in the past and have had no known issues because of it. Because of this I wonder if php5 is really necessary. The site isn't all that complex, but the vast majority of code is home brewed, so I feel like it shouldn't be that vulnerable. Most of these updates I see going through for php updates are obscure holes that I would never encounter. I'm very careful about SQL injection, register globals and all those regular coding practices that stop the vast majority of problems. Development on this site in particular has pretty much stopped, so no need to be looking forward really. I recognize that php5 would be optimal of course, but there should be a cost-benefit analysis for most decisions like this, so really, how serious are the security risks?

Yes, of course I've googled the subject, but I mostly end up w/ hype and 'moving forward blah blah'...I'm really just concerned w/ hackers. (and oh, there is no credit card information being passed around, just content and forums really)

Anyways, can somebody back me up here?...I really feel like there isn't a real security threat by not updating. Yes, some day some smurf could go down, but I feel like php4 is pretty secure w/ good coding practices.

Thanks in advance