Posts: 7
Threads: 4
Joined: Dec 2020
Question for my PHP people out there,
So I just started learning PHP and I was wondering: do you guys actually look for vulns like LFI while writing functional code, or do you just look up the secure ways of writing PHP?
Posts: 158
Threads: 30
Joined: Apr 2020
I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There are two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There are plenty of cases where it introduces vulnerabilities if you care to look.
Posts: 1,416
Threads: 377
Joined: Jun 2015
In my opinion, if you're going to code anything which might be used in production or has the potential to be targeted, always code with security as the focus/perspective. "Secure programming"/"security-oriented" programming.
But it's always best to keep the best of both worlds. When you're done coding you could always try to break it/hack it yourself.
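
Added example, not part of any post in this thread: a PHP page loader written so that the LFI class of bug mentioned in the question cannot arise, with a self-test that tries to break it afterwards. The page names, the `pages` directory and the `resolvePage()`/`selfTest()` helpers are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: included files live in ./pages next to this script.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: maps a request key to a fixed file name.
// Request input only selects an entry; it never becomes part of a path.
// (The pattern this replaces is passing $_GET['page'] straight to include.)
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/** Return the file to include for a page key, or null if it is not allowlisted. */
function resolvePage(mixed $requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGES_DIR . '/' . PAGES[$requested];
}

/** "Try to break it yourself": constructed inputs that must all be rejected. */
function selfTest(): void
{
    $hostile = ['../../etc/passwd', 'home.php', 'home%00', '',
                ['home'], 'php://filter/resource=home'];
    foreach ($hostile as $input) {
        if (resolvePage($input) !== null) {
            throw new RuntimeException('accepted: ' . json_encode($input));
        }
    }
    if (resolvePage('home') !== PAGES_DIR . '/home.php') {
        throw new RuntimeException('valid key was rejected');
    }
}

if (PHP_SAPI === 'cli') {
    selfTest();                       // run with: php thisfile.php
    echo "self-test passed\n";
} else {
    $file = resolvePage($_GET['page'] ?? 'home');
    if ($file === null) {
        http_response_code(404);
        exit('Not found');
    }
    require $file;
}
```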