Hi Guys, Can we use php to make a web application like gmail.com, yahoomail.com etc. and web site like irctc.co.in, or the finacle type websites(which are used in banks)? How much secure is PHP in terms of hacking? And also suggest me some other appropriate language which is most secure then php in terms of hacking.
Most massive online companies, such as google, use multiple languages for multiple things. While PHP is fine and dandy for outputting data, languages like java, C, and python often run a lot of the heavy-duty back end stuff.
PHP can be easily hacked for a admin account. Then using a poison IP and brute force password snifer cracker is easy. SQL injection hack is mostly likey what would happen. Easiest website to hack is a .asp. Some guy did this site fell on it yesterday sad---- HTML is easy also: http://www.hamva.com/ShaRp.html
I forgot to say most hackers will just link off making their own .html page. If they defaced the whole think on index that would be jail time.
PHP will work on your requirements for as long as the one who will do the project has a solid experience in coding PHP (seriously). Using PHP frameworks (like Zend Framework) is a great start because some of the modules to prevent hacking is there (like filters to XSS, Injections, etc). But the coder needs to devote time to learn those. Another thing, focus also on the server security like firewalls, etc.
PHP Script Security depends on how its coded its not that since its php probabilty of getting hacked is same for all scripts
Very misleading post with an irresponsible generalization. PHP and ASP (.php and .asp) are scripting languages. While there have been known security vulnerabilities (which have been patched), there is no reason to say that PHP or ASP can be easily hacked. Failures in a program's security model must be separated from the judgment of a language's security. Any login accessible by users/computers can be brute forced. It is the programmer's responsibility to make sure the attack executes as slow as possible with as much complexity as possible. It's the programmer's responsibility to use encryption when needed. SQL injections, once again, are the faults of programmers who do not properly sanitize inputs. If the issues above prove that PHP and ASP are easily hackable, then C/C++ must also be considered easily hackable because programmers don't always carefully delete or validate pointers which can result in buffer overflows.
Simply, any programming language could be hacked !! it depends on how professional your code is, and keeping yourself updated to latest security holes & ideas too. a secure web hosting is a must too !!
yes php can be used but it needs other 3rd party application(like java uploader) to do the uploading especially large files