Question for my PHP people out there.
#1
Question for my PHP people out there,

So I just started learning PHP and I was wondering, do you guys actually look for vulns like LFI while writing functional code, or do you just look up the secure ways of writing PHP?
#2
I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look.
#3
In my opinion, if you're going to code anything which might be used in production or have a potential to be targeted, always code with security as the focus/perspective. "Secure programming"/"Security Oriented" programming.

But it's always best to keep the best of both worlds. When you're done coding you could always try to break it/hack it yourself.
#4
(12-24-2020, 09:22 PM)DeepLogic Wrote: I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look.


Thank you...

(12-24-2020, 10:56 PM)Insider Wrote: In my opinion, if you're going to code anything which might be used in production or have a potential to be targeted, always code with security as the focus/perspective. "Secure programming"/"Security Oriented" programming.

But it's always best to keep the best of both worlds. When you're done coding you could always try to break it/hack it yourself.

Thank you for sharing
#5
(12-24-2020, 09:22 PM)DeepLogic Wrote: I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look.

Ya. There are two ways to do this... but 1 of them is definitely the wrong way.