Our team is developing a web app in the financial space using PHP. The big question that comes up first is always security related. What are the main security risks associated with PHP or scripted languages in general verus a more accepted (in the space) Java written app?
2条回答 默认 最新
dongmu5920 2011-07-21 09:02关注The only difference I can think of with scripted languages is that in many of those, including PHP, you have
evalwith its associated risks. If you don't use it, I don't think there's a real difference regarding security.The PHP engine itself might have some more leaks than Java, since a large part of the functions you use in PHP are written in C, while in Java most is written in Java itself.
And of course, as with any language, security largely depends on the programmer. XSS, CSRF, SQL injection, etc are a risk in any language, if you don't use the proper tools.
That said, I wouldn't recommend using PHP. While not a less secure platform than Java, it's certainly much easier to create bugs there through it's dynamic typing and other quirks, and they can be as killing to your app as security flaws.
解决 无用评论 打赏举报
分享
- 2021-07-29 02:09回答 2 已采纳 如果你对php感兴趣,可以一直这样工作,然后java的也要看看,不要忘记,不然培训就没有了意义,php虽然简单但是他的局限性太过明显了,比如 1.只支持web开发,不方便做 .exe文件,不方便做桌
- 2023-03-06 15:04回答 1 已采纳 Java和PHP都存在安全漏洞 ,但java稍微好一点
- 2022-06-06 09:48回答 2 已采纳 题主的问题,我曾经遇到过类似的。可以和加密方确认下,在加密过程中,是否对加密内容进行了base64编码。我记得java实现这种加密时是不需要进行编码的。但是PHP的话这边,就得依赖base64加密。两
- 2020-08-06 11:12程序yang的博客 Java面试题千千万,个人觉得没有最好的答案,只有最适合的答案;本文的宗旨是为读者朋友们整理一份详细而又权威的面试清单。 此文是前段时间本人根据部分文章汇总压在草稿箱(由于时间关系,忘了加上对应的原创链接...
- 2021-06-21 01:23回答 1 已采纳 如果部在同个服务器,可以通过硬盘上的路径访问,如果不是,正常上传后应该要返回一个访问链接,通过访问链接获取
- 2017-04-25 15:56回答 1 已采纳 So I have found that file_get_contents("php://input") seems to do the what I want. Simply assig
- 2023-02-21 14:22回答 2 已采纳 基于Monster 组和GPT的调写: function genDigest2($timestamp, $mgsData, $md5key) { // 将业务报文、时间戳和秘钥组合成需要加密的
- 2023-02-16 08:13程序员大彬的博客 Java面试八股文
- 2020-03-20 21:45回答 2 已采纳 ``` = 3) { for($i=0;$i_debug) { echo '$bin = ',decbin($bin),"\n";
- 2023-03-06 14:09回答 2 已采纳 php是专注于WEB开发 属于主攻后台技术 java比较全面 在WEB后台开发php优于java而在数据库访问方面java比php性能以及速度要强很多 java的开发成本较高 在代码方面java
- 2019-01-26 22:40回答 1 已采纳 Is this what you are looking for $uuid = MojangAPI::getUuid('jeb_'); echo 'UUID: <b>' . $uu
- 2020-12-24 10:03笨小孩@GF 知行合一的博客 PHP原始为Personal Home Page的缩写,已经正式更名为 "PHP: Hypertext Preprocessor"。自20世纪90年代国内互联网开始发展到现在,互联网信息几乎覆盖了我们日常活动所有知识范畴,并逐渐成为我们生活、学习、工作中...
- 2019-06-26 10:58回答 5 已采纳 System.out.println((2376995291L - 141L * 16777216L) / (double)65535); 141 * 16777216 will techni
- 2021-08-02 07:45哪 吒的博客 JDK(Java Development Kit),Java开发工具包 JRE(Java Runtime Environment),Java运行环境 JDK中包含JRE,JDK中有一个名为jre的目录,里面包含两个文件夹bin和lib,bin就是JVM,lib就是JVM工作所需要的类库。...
- 2021-02-12 09:34weixin_39768444的博客 一:在本章我们将学到如下的内容》HTTP协议原理》服务器端Web编程原理》Servlet与Web容器》Java Web应用程序的组成》Tomcat介绍一:1.1解析HTTP协议HTTP:超文本传输协议(HyperText Transfer Protocol)HTTP是一种无...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 关于smbclient 库的使用
- ¥15 微信小程序协议怎么写
- ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
- ¥20 怎么用dlib库的算法识别小麦病虫害
- ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
- ¥15 java写代码遇到问题,求帮助
- ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
- ¥15 有了解d3和topogram.js库的吗?有偿请教
- ¥100 任意维数的K均值聚类
- ¥15 stamps做sbas-insar,时序沉降图怎么画