Jake B.
Well-known member
Every PHP version has a period of active and security support after release, so no version with support will be more or less secure than another. Security updates for PHP 7.3 are ending in a few days, but PHP 7.4 will still receive security updates for another year or so.
The PHP version itself won't actively do anything to protect your site/database, that'd be up to whatever software you're running. The only thing it guarantees is that if security issues with the PHP software itself are discovered they'll be patched as long as it still receives support.
www.php.net
The PHP version itself won't actively do anything to protect your site/database, that'd be up to whatever software you're running. The only thing it guarantees is that if security issues with the PHP software itself are discovered they'll be patched as long as it still receives support.
PHP: Supported Versions
www.php.net
Thanks Jake B for the great info.
If PHP itself (regardless of version)...does not protect the site/database...what security issues does PHP protect against?
For example...if some "bad person" is trying to mess with a website...and they're able to get past the PHP security...what sort of things can be done to the site to mess it up?
Or maybe another way of asking the same question...if some "bad person" got past the PHP security...how would I know it (what might be done to the site that I would see/notice)?
Thanks
eva2000
Well-known member
2 recent PHP security issue examples
- https://bugs.php.net/bug.php?id=79971 this forced PHP 8.0.13, 7.4.26, 7.3.33 to be released
- https://bugs.php.net/bug.php?id=81026 this forced PHP 8.0.12, 7.4.25 to be released
Thanks eva2000 for the links.
I checked out both links...but for a non-expert most of what was written was confusing. Can you explain (simply)...what each of the 2 PHP security issues were that a non-IT expert can understand please?
Just trying to get an idea what sort of PHP security issues can happen (when there is a security issue)...and how a person running a website might know something is wrong when a site has been affected.
Thanks
I checked out both links...but for a non-expert most of what was written was confusing. Can you explain (simply)...what each of the 2 PHP security issues were that a non-IT expert can understand please?
Just trying to get an idea what sort of PHP security issues can happen (when there is a security issue)...and how a person running a website might know something is wrong when a site has been affected.
Thanks
eva2000
Well-known member
Not a PHP guy myself but the gist with those bugs would be PHP bugs leading to PHP processing/reading files it shouldn't be i.e. sensitive files and information. The worse case would be compromising and giving access to your site/server.
Maybe not the best analogy, but imagine a mobile phone's facial recognition security having a bug and it allowed access if you just put a photo of the person's face up against the phone's camera.
Maybe not the best analogy, but imagine a mobile phone's facial recognition security having a bug and it allowed access if you just put a photo of the person's face up against the phone's camera.
Thanks.
If a PHP security issue example (worst case)...was allowing access to the server by a "bad person" (similar access as the server owner)...this of course would be a very bad thing!
Similar threads
- Locked
- Question
