system — 2012-12-10T02:17:38-05:00 — #1
Which is secure website? PHP or .NET
felgall — 2012-12-10T03:01:26-05:00 — #2
They are two slightly different things but neither has ANY actual security issues in it apart from those you put there - usually when you do not properly validate inputs.
Any security problems are 99.9999999999999999999999% certain to be poor code on the part of the person using it rather than an issue with the language/interface itself.
wonshikee — 2012-12-10T12:41:09-05:00 — #3
I would argue that .NET has a higher security standard since it's a framework and forces you to do things a certain way. PHP can be just as secure, however it leaves it up to the developer to know what to do.
kylewolfe — 2012-12-10T15:59:34-05:00 — #4
Though there are frameworks available that handle most of the security for you, as well as decrease development time.
felgall — 2012-12-10T16:40:40-05:00 — #5
If that is the case then in what way is vb.net any more or less secure than php.net? Also in what way is PHP running on .net any more or less secure than PGP running on an alternate interface?
wonshikee — 2012-12-10T18:57:42-05:00 — #6
Of course, as I stated PHP is just as secure given the developer knows what to do, but PHP in itself does not enforce many things that a framework may.
felgall — 2012-12-10T20:26:36-05:00 — #7
Even if you do use a framework, it isn't going to properly validate all your input fields for you and so it would still be possible for someone to fill the database with junk. You need proper validation on all the inputs in order to implement real security that prevents any form of junk being entered and not just junk that might happen to be more destructive.