Importance of PHP5 for security
Posted: Tue Sep 02, 2008 7:45 pm
Hello,
I have a server running php 4.4.9 and I'm considering overhauling the site to get to php5 since the security updates have ended. This would be a major overhaul because large chunks of integrated code are not php5 compliant. I really haven't been johnny on the spot w/ updating php updates in the past and have had no known issues because of it. Because of this I wonder if php5 is really necessary. The site isn't all that complex, but the vast majority of code is home brewed, so I feel like it shouldn't be that vulnerable. Most of these updates I see going through for php updates are obscure holes that I would never encounter. I'm very careful about SQL injection, register globals and all those regular coding practices that stops the vast majority of problems. Developement on this site in particular has pretty much stopped, so no need to be looking forward really. I recognize that php5 would be optimal of course, but there should be a cost-benefit analysis for most decisions like this, so really, how serious are the security risks?
Yes, of course I've googled the subject, but I mostly end up w/ hype and 'moving forward blah blah'...I'm really just concerned w/ hackers. (and oh, there is no credit card information being passed around, just content and forums really)
Anyways, can somebody back me up here?...I really feel like there isn't a real security threat by not updating. Yes, some day some <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> could go down, but I feel like php4 is pretty secure w/ good coding practices.
Thanks in advance
I have a server running php 4.4.9 and I'm considering overhauling the site to get to php5 since the security updates have ended. This would be a major overhaul because large chunks of integrated code are not php5 compliant. I really haven't been johnny on the spot w/ updating php updates in the past and have had no known issues because of it. Because of this I wonder if php5 is really necessary. The site isn't all that complex, but the vast majority of code is home brewed, so I feel like it shouldn't be that vulnerable. Most of these updates I see going through for php updates are obscure holes that I would never encounter. I'm very careful about SQL injection, register globals and all those regular coding practices that stops the vast majority of problems. Developement on this site in particular has pretty much stopped, so no need to be looking forward really. I recognize that php5 would be optimal of course, but there should be a cost-benefit analysis for most decisions like this, so really, how serious are the security risks?
Yes, of course I've googled the subject, but I mostly end up w/ hype and 'moving forward blah blah'...I'm really just concerned w/ hackers. (and oh, there is no credit card information being passed around, just content and forums really)
Anyways, can somebody back me up here?...I really feel like there isn't a real security threat by not updating. Yes, some day some <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> could go down, but I feel like php4 is pretty secure w/ good coding practices.
Thanks in advance