|
| |
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
 |
ASP vs PHP - 9/26/2002 16:34:34
Hi all,
The majority of PHP programmers I met do not know how to program in ASP, and they don' t use it. They say " Why should we use something that is not secure at all" .
My questions are:
Is PHP 100% hack proof?
Does that mean to throw ASP and never use it anymore?
How can we increase ASP pages security?
I like ASP and I feel comfortable with it, I started learning it and I am working hard on that. Does this mean that I should quit ASP because after sometime no customer will be interested in it?
Regards
Hisham
|
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 9/26/2002 19:08:04
Hi,
Thanks nmj for you nice reply. I have the following inquiries
1- what is <$0.02> and </$0.02>
2- You said that ASP will be there for a while? Do you think PHP will take over?
3- ASP.net: Does it have a different scripting/programming language other than VBScript which is behind ASP?
4- How to increase the security of ASP pages?
5- Is PHP easier than ASP? (I mean to learn)
Sorry, many questions.
Thanks a lot nmj
Regards
Hisham
< Message edited by hhammash -- 9/25/2002 7:10:07 PM >
| |
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 9/26/2002 19:26:43
Hi NMJ,
I made a search and came accross this article, please take a look at it:
http://php.weblogs.com/php_vs_asp
I downloaded PHP and intalled it. All I get is a black window with cursor in it. I don' t know what to do from here.
Also, I downloaded MySQL and got a black window with cursor in it.
Is there any interface like Access for MySQL and any interface also to use PHP.
Thanks
Hisham
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: ASP vs PHP - 9/26/2002 20:39:25
I' m curious about this " PHP is more secure than ASP" .
Both environments operate in a similar manner, both are vulnerable to underlying web server holes, and most recently security vulnerabilities identified have been in Apache and PHP, not IIS and ASP.
One security issue with an ASP application is if you use an access db and it' s in located in your web structure, it' s possible for someone to download your db file if you' re not careful. Of course, you can' t even use Access in a *nix server so the issue doesn' t exist there.
_____________________________
======
Doug G
======
| |
|
|
|
no_mac_jack
Posts: 295
From: Washington state, USA
Status: offline
|
RE: ASP vs PHP - 9/26/2002 20:41:25
>>And all of the time his opnion is worth much more then that!
Well, thanks! 
Hisham...
That link you posted was great! It summed up all the things that I would have/should have pointed out. The only thing I want to correct in the article is the statement that you don' t have to bother getting POST and GET data out of objects because it' s already assigned to individual variables. Well, now you have to/should use $_GET[' keyname' ] or $_POST[' keyname' ] to get data and protect yourself from a possible security problem. I can' t remember where I read the article explaining the problem, but if I find it again, I' ll let you know.
As far as installation problems, I haven' t ventured to try installing it locally, although I really should. I just keep putting it off because I also need to upgrade the OS and partition the hard drive. But that' s a whole story in itself.  You might find something useful in PHPBuilder.com' s installation-related articles. If not, I know someone who could probably give you a few pointers to get you on the right path. Are you installing on a windows system?
As for an interface (GUI) for MySQL, there are a couple listed in the download section of MySQL.com. I haven' t tried either one (since I still haven' t installed MySQL locally). Also, as Spooky mentioned in another thread, PHPMyAdmin is a web-based interface for MySQL that works pretty well.
Well, that food for thought should keep you busy for a while! [:p] Let me know how it goes!
~no_mac_jack
| |
|
|
|
Long Island Lune
Posts: 2340
Joined: 6/8/2002
From: New York
Status: offline
|
RE: ASP vs PHP - 9/26/2002 21:00:00
Hisham,
Where did you get the PHP from - which site??? I want to download it too.
Thanks
LLL
_____________________________
| |
|
|
|
Long Island Lune
Posts: 2340
Joined: 6/8/2002
From: New York
Status: offline
|
RE: ASP vs PHP - 9/26/2002 21:23:44
N_M_J,
Thanks. I' m going there now.
_____________________________
| |
|
|
|
Long Island Lune
Posts: 2340
Joined: 6/8/2002
From: New York
Status: offline
|
RE: ASP vs PHP - 9/26/2002 21:29:32
N_M_J,
Did you download one of these three products??? Which one did you use???
_____________________________
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: ASP vs PHP - 9/26/2002 21:59:11
Here are the " official" php downloads
http://www.php.net/downloads.php
_____________________________
======
Doug G
======
| |
|
|
|
no_mac_jack
Posts: 295
From: Washington state, USA
Status: offline
|
RE: ASP vs PHP - 9/26/2002 22:05:39
Which products are you referring to? I have downloaded PHP and MySQL, but like I told Hisham, I haven' t installed them locally yet. Both are installed on my host' s server so I just use them there for now. I need to install them locally for development purposes, though.
If you' re talking about those two GUI' s for MySQL, I haven' t tried them either because you have to have MySQL installed on your comp. (Well, I just assumed that it wouldn' t connect to remote DBs, but that might be something to check on)
~no_mac_jack
| |
|
|
|
Long Island Lune
Posts: 2340
Joined: 6/8/2002
From: New York
Status: offline
|
RE: ASP vs PHP - 9/26/2002 22:23:25
N_M_J,
I was referring to CodeCharge, CodeCharge Studio and Add-In for Microsoft® FrontPage®. I think I clicked the wrong link in that site!!!
Doug,
Looks interesting. .
_____________________________
| |
|
|
|
Long Island Lune
Posts: 2340
Joined: 6/8/2002
From: New York
Status: offline
|
RE: ASP vs PHP - 9/26/2002 23:01:23
N_M_J,
No problem.
The PHP site looks great.
_____________________________
| |
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 9/27/2002 7:02:53
Hi all,
C1sissy,
I agree with you nmj' s ideas worth much more.
Doug G,
Your reply is very much comforting. You mentioned that I have to be carefull if I am using Access. How can I be careful? If I use SQL 2000, will it be more secure?
I think that Microsoft' s application were heavily targetted by hackers because most of the programmers use Microsoft' s products. I also heared that Apache and PHP hacking is increasing.
Anyway, I always believed that whatever man created can be hacked or broken by man too.
NMJ
Thank you for your reply. After I posted the article link for you I continued searching and found many articles throwing light on some weaknesses in PHP, and why ASP is better. I think for some extent it is a matter of people getting sensitive to what they use. I use ASP I defend it, someone else uses PHP he/she defends it, (could this be right to some extent?).
Thank you for both links, I will be checking them and reply to you. Thanks you also for replying to LLL.
Yes NMJ, I installed PHP on my PC, Windows XP. I downloaded a chat facility made by PHP but I did not know how to publish it to our University Unix server. In the readme.txt they mentioned that I have to set DMH something to be equal to 6. I did not know what is this.
Thank you all for your quick responses.
Best regards
Hisham
| |
|
|
|
no_mac_jack
Posts: 295
From: Washington state, USA
Status: offline
|
RE: ASP vs PHP - 9/27/2002 18:47:07
The thing to be careful with when using Access is that your db file is more vulnerable because it is often a file sitting in your web just like the web pages that people view. This is what Micah was dealing with a few days ago. To protect the file, you can put it outside of the actual web where it' s harder to access.
>>I think for some extent it is a matter of people getting sensitive to what they use. I use ASP I defend it, someone else uses PHP he/she defends it, (could this be right to some extent?).
That' s exactly right. I' m not sure if you get this situation in the UAE, but here, the ASP/PHP debate is like the Ford/Chevy debate -- or even the Mac/PC debate -- in that people on both sides can get very adamant about their opinion but neither side can ever really win. There are good and bad things about both, so it' s just a matter of what works for you.
With regards to your script, I really don' t know what to suggest without looking at the readme file and/or script. If you are still stuck, I can take a quick look if you tell me what script you' re using.
Have a good day!
~no_mac_jack
| |
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 9/28/2002 9:27:22
Hi,
Thank you NMJ for your very good reply.
Yes, also here in UAE these debates do exist.
Regarding MsAccess Database, I usually put it in the fpdb folder. Do you mean that I change the folder in the web, or put the database outside my web in a folder in the webserver.
We have a webserver that has many webs. One of the webs is mine.
How to put access outside my web and connect to it?
I will send you the message which I get when I try to run the PHP code.
Best regards
Hisham
| |
|
|
|
no_mac_jack
Posts: 295
From: Washington state, USA
Status: offline
|
RE: ASP vs PHP - 10/1/2002 19:03:36
It is possible to put the actual database file somewhere on the server (or even another networked computer) so that it is not in the directory that is available to the web (ex. c:\inetpub\wwwroot\). Then, you can connect to the database either by using a DSN-Less connection and then typing the full path to the database rather than using Server.Mappath *OR* you can set up a DSN on the server that basically makes a name for the connection to the database and stores the path there.
I think FP will only let you do the latter if you' re planning to use its database features. When prompted to add a new database connection, choose " System data source on web server" and then select the DSN that you should have already created on the server.
I should note that this will probably only work if you are either working live or are working on the actual web server (although, you could have a DSN with the same name on your local computer to allow you to set up pages).
Well, I hope that wasn' t too confusing, but I just got back from a wedding, so I have to get back into the routine. Hope that helps!
~no_mac_jack
| |
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 10/2/2002 12:47:52
Hi NMJ,
Hope you enjoyed your time int he wedding.
As usual, you hit the target, you are clear and not confusing.
But I have a question here.
Our Network is huge, very big, and my web folder is on the Web Server. If I create the DSN on my PC in my room, then connect to it from the Server, doesn' t this effect the speed in retrieving the Data?
If I put the database on the web server but in another folder, would it be more secure than having it on my web folder?
Regards
Hisham
| |
|
|
|
no_mac_jack
Posts: 295
From: Washington state, USA
Status: offline
|
RE: ASP vs PHP - 10/2/2002 19:12:06
>>If I create the DSN on my PC in my room, then connect to it from the Server, doesn' t this effect the speed in retrieving the Data?
Well, the DSN needs to be created on the server for the pages to work on the web (or network). However, what I was saying is that you can make a DSN with the same name on *your* PC so that you can do the development. This DSN, however, would not be used by the actual site when it is running.
>>If I put the database on the web server but in another folder, would it be more secure than having it on my web folder?
Yes, in theory, because the web directory is being shared...the other folders should not be. It' s just *added* protection, not complete.
Talk to you later, Hisham!
~no_mac_jack
| |
|
|
|
hhammash
Posts: 1064
Joined: 8/19/2002
Status: offline
|
RE: ASP vs PHP - 10/3/2002 0:12:32
Hi NMJ,
Thanks a lot, I will try the web Server DSN.
Is this security issue also available in SQL 2000? I mean if I use SQL 2000 instead of Access, will I have more security?
I am using Access XP now.
Thanks NMJ
Hisham
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
