Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary? Thread poster: Michael Beijer
|
|---|
Michael Beijer 
United Kingdom
Local time: 10:27
Member (2009)
Dutch to English
+ ...
Question: Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary?
There are a few open source projects that use PHP, but I know that PHP is known to be unsafe.
e.g.,
... See more Question: Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary?
There are a few open source projects that use PHP, but I know that PHP is known to be unsafe.
e.g.,
Glossword: http://sourceforge.net/projects/glossword/)
Open Translation Engine: http://sourceforge.net/projects/ote/
How exactly is it unsafe, and what exactly can happen if you use it anyway? That is, what are the exact dangers? Can your data be: deleted (I don't mind), copied (I don't mind). Can a hacker damage your host server/provider (I do mind)? Etc.
The reason I'm asking this is I want to use a ready-made solution because I simply don't have the time or the skills to code something myself, but I would prefer it to be: cheap (open source), and safe. Or at least as safe as possible.
Michael
[Edited at 2010-11-28 22:26 GMT] ▲ Collapse
| | | | TvNellen (X)
United States
Local time: 04:27
English to Dutch
+ ...
| It can't be that bad | Nov 28, 2010 |
(...) Most of these PHP-related vulnerabilities can be exploited remotely: they allow attackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best practice programming rules (...)
(Wikipedia)
PHP is widely used (synoniemen.net,... See more(...) Most of these PHP-related vulnerabilities can be exploited remotely: they allow attackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best practice programming rules (...)
(Wikipedia)
PHP is widely used (synoniemen.net, nederlandsewoorden.nl, to name a few sites I use), so I don't think you should worry too much about it. ▲ Collapse
| | | | | I've never heard of any dangers | Nov 28, 2010 |
If you want to host a glossary online you will need a database and the pages displaying translations (on the basis of entries in this database) will have to be generated dynamically - as opposite to static HTML files.
I believe that using PHP is one of the safest ways way of achieving it.
Cheers
Stanislaw
| | | | | Thoughts from an amateur | Nov 28, 2010 |
I think potential danger could come from using a form or similar. Unless the form has restrictions on which kind of data can be entered, you might find that your site is vulnerable to malicious code injection.
I never found the time to finish the PHP module in the web design course I studied recently, but I seem to remember that this was partly covered when we studied javascript.
This is what some who know more than me ... See more I think potential danger could come from using a form or similar. Unless the form has restrictions on which kind of data can be entered, you might find that your site is vulnerable to malicious code injection.
I never found the time to finish the PHP module in the web design course I studied recently, but I seem to remember that this was partly covered when we studied javascript.
This is what some who know more than me have to say:
http://en.wikipedia.org/wiki/Code_injection
http://faq.1and1.com/scripting_languages_supported/malware/22.html
http://roshanbh.com.np/2007/12/sql-injection-attack-examples-and-preventions-in-php.html ▲ Collapse
| | |
|
|
|
Michael Beijer
United Kingdom
Local time: 10:27
Member (2009)
Dutch to English
+ ...
TOPIC STARTER
Yes, although I know very little about programming, I do keep hearing about this so-called SQL malicious code injection thing. That was one of the things that worried me when considering whether to use PHP and/or a MySQL database.
I have been told that ASP would be safer. Can someone who understands these things shed a little light on this subject, taking as an example, perhaps, Glossword, which seems to be the most actively developed open source solution available at the moment ...... See more Yes, although I know very little about programming, I do keep hearing about this so-called SQL malicious code injection thing. That was one of the things that worried me when considering whether to use PHP and/or a MySQL database.
I have been told that ASP would be safer. Can someone who understands these things shed a little light on this subject, taking as an example, perhaps, Glossword, which seems to be the most actively developed open source solution available at the moment ....(?)
I am working on gathering a few interested translators, in order to pool our resources to build an Online Glossary For and By Translators. So far, we have already collected a very large amount of Dutch-English-Dutch language data, and some German as well, and are now trying to evaluate what would be the best possible current open source solution for creating a multilingual online glossary platform.
Michael
p.s.: Glossword is a system to publish dictionaries, glossaries, and encyclopedias. It features an installation wizard, support for multiple languages, visual themes, multi-domain installation, an administrative interface with multi-user support, built-in search and cache engines, the ability to export/import dictionaries in XML format, and W3C-validated code. Glossword is useful for any sort of dictionary-like content, including sites with game cheat codes, online translators, references, and various kinds of CMS solutions. (from their freshmeat project description) ▲ Collapse
| | | | | PHP by itself is not unsafe | Dec 6, 2010 |
Or at least not more than any other programming language. And ASP is also vulnerable to code injection, let nobody tell you otherwise. IMHO, the most unsafe programming language is C.
I have quite a few sites written in PHP and using MySQL databases (see for example http://www.freelance-translator.info) and there's no problem at all.
The caveat is that you know what you do... See more Or at least not more than any other programming language. And ASP is also vulnerable to code injection, let nobody tell you otherwise. IMHO, the most unsafe programming language is C.
I have quite a few sites written in PHP and using MySQL databases (see for example http://www.freelance-translator.info) and there's no problem at all.
The caveat is that you know what you do and can program the code properly to prevent (at least the most evident) attacks. The attacks come mainly from interaction with the user, whereby hackers try to exploit flaws in your code.
One classic example is code injection: In its simplest form, it consists that an attacker writes code in a form. If your code simply copies over that text into a database query, you are providing an attack vector, as the text may have characters (such as quotes) that denote the end of the string, and might be used by the attacker to insert additional commands that would be inadvertently executed by your script.
The most basic and obvious way to counteract this is to "strip" every potentially dangerous character from the incoming text. Thus, if you want people to search for words, strip out any characters that are not between "a" and "z" (remember that lower and upper case are different) or a space. You may accept "0" to "9", but any other character is suspect unless proven innocent.
[Editado a las 2010-12-07 17:45 GMT] ▲ Collapse
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Can someone explain to me briefly the dangers of using PHP to host an online dictionary or glossary? | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
| | Trados Studio 2022 Freelance | The leading translation software used by over 270,000 translators.
Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop
and cloud solution, empowering you to work in the most efficient and cost-effective way.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
Translation news
