#1 purplehaze357, 07-02-2003, 11:25 AM
PHP as a security risk

I'm in the process of re-designing my school district's webpage. I am the webmaster for the school district and we have discussed changing to php. Our web host (who also hosts our robotics website) says that it is a security risk and doesn't know if he'll allow it. Can someone inform me on what he is talking about?

Brandon, what are your feelings? You seem to have a lot of experience with this.

www.udsd.k12.pa.us

that's the site now...

http://ud.akwire.net

is what we're working on at this time.

thank you in advance
__________________

2004 Philadelphia Regional Referee
2005 Pittsburgh Regional Referee
2005 Philadelphia Regional Referee

2003 Chesapeake Regional Chairman's Award Winners
2003 Chesapeake Regional "Delphi Driving Tomorrow's Technology" Recipients

Aim: smallmanjoe98
Email: jtroy@temple.edu
#2 apk, 07-02-2003, 11:41 AM
May I ask what web server and OS is being run?
__________________
~Andrew
http://www.team104.com/
#3 Brandon Martus, 07-02-2003, 11:50 AM
Re: PHP as a security risk

Quote:
Originally posted by purplehaze357

Brandon, what are your feelings? You seem to have a lot of experience with this.

PHP's info about security

They mention: A completely secure system is a virtual impossibility, so an approach often used in the security profession is one of balancing risk and usability.

No matter what OS and/or configuration you are running, as long as you keep up to date with security patches & new releases, you should be fine. We use linux+php at work and deal with a lot of highly sensitive data. If you configure it correctly and know how to maintain it, there shouldn't be any security problems running php.
__________________
Brandon Martus
e-mail
#4 Rickertsen2, 07-02-2003, 12:37 PM
If properly implemented and kept up to date, the security risks are minimal. Many large scale websites use PHP and do not have any problems.
__________________
1139 Alumni
#5 purplehaze357, 07-02-2003, 12:50 PM
hah..thank you Brandon....I told them this and they said it's a security risk blah blah blah...and I knew right where to come for proof...booh yaah
#6 Brandon Martus, 07-02-2003, 12:54 PM
Show them this:

http://news.com.com/2100-1023-963937.html?tag=lh

and ask them if a large company such as Yahoo would drop their own 100% custom scripting language to use something that is insecure..
#7 purplehaze357, 07-02-2003, 01:11 PM
thank you...I just sent him an email containing the information and the links that you gave me.

Brandon, would you mind, if he needs to talk to someone that has experience running a php server, if I put him in contact with you?
#8 Brandon Martus, 07-02-2003, 01:57 PM
Quote:
Originally posted by purplehaze357
thank you...I just sent him an email containing the information and the links that you gave me.

Brandon, would you mind, if he needs to talk to someone that has experience running a php server, if I put him in contact with you?

Sure.. I don't know how much help I can be, but I'll try
#9 Rickertsen2, 07-02-2003, 07:40 PM
Quote:
Originally posted by Brandon Martus
Show them this:

http://news.com.com/2100-1023-963937.html?tag=lh

and ask them if a large company such as Yahoo would drop their own 100% custom scripting language to use something that is insecure..

I thought that Yahoo used PHP but I wasn't 100% so I didn't say anything. Now I know for sure. Thanks, Brandon.
#10 Joe Ross, 07-02-2003, 08:50 PM
Does this webhost allow other scripting languages, perl, asp, etc?

Any scripting language can be used to create insecure scripts that can be exploited. This is the nature of (any) language. If they don't allow any scripting languages for security reasons, they shouldn't allow php either. However, I have no reason to believe that PHP is less secure by default than other languages (if not more secure).

All times are GMT -5.