prevent xss atack

[justsomeguy]

Here you go:http://money.cnn.com/2014/09/04/technology/security/obamacare-hacked/index.html?hpt=hp_t2http://money.cnn.com/2013/10/29/technology/obamacare-security/?iid=ELThat's what $300 million will get you.

[Don E]

Here you go:http://money.cnn.com/2014/09/04/technology/security/obamacare-hacked/index.html?hpt=hp_t2http://money.cnn.com/2013/10/29/technology/obamacare-security/?iid=ELThat's what $300 million will get you.

 

Interesting... You'd think they would hire the best of the best money can buy producing a near... keyword near perfect (because nothing is 100%) unhackable site.

 

Question about PHP real quick JSG, do you think PHP will ever become a server side language like ASP etc in regards to having/getting support? if I understand correctly, doesn't many of the other server side languages provide special support for things like security etc? I would think no since PHP is free but for the sake of 'upping' the reputation etc, would it be a good idea to go that route for PHP or do the developers like to be strictly free regardless and up to the coders/developers to write good secure code for their site?

 

Edit: Apologies if I took this topic of topic.

Edited September 4, 2014 by Don E

[justsomeguy]

Interesting... You'd think they would hire the best of the best money can buy producing a near... keyword near perfect (because nothing is 100%) unhackable site.

This is the government we're talking about. They don't get the best money can buy, they take the lowest bidder and then pay them way too much.

Question about PHP real quick JSG, do you think PHP will ever become a server side language like ASP etc in regards to having/getting support?

What do you mean? What support are you referring to with regard to ASP?

would it be a good idea to go that route for PHP or do the developers like to be strictly free regardless and up to the coders/developers to write good secure code for their site?

It's always up to the developer to write good code, regardless of the language. PHP is a great language (it has plenty of poorly-thought-out design decisions though), but any crappy programmer can come along and write terrible PHP code. That's not really a fault of PHP. You can also write terrible C# code or whatever else. I can design a horribly insecure application and implement it in whatever language I want to, with vulnerabilities all over the place.If you're looking for a company that provides products and support for PHP, that company is Zend. They offer Zend Studio, Zend Server, Zend Framework, etc.http://www.zend.com/en/company/leadershipAndi and Zeev are the people who wrote the Zend engine that powers PHP 4 and beyond, and they started that company. Many of the PHP core developers work for Zend. If you go to ZendCon then you'll be able to meet the guys who made it possible for you to use PHP today. The last time I was there I had a drink with Dmitry Stogov. He's responsible for a lot of performance and optimization issues with PHP and the Zend engine and you can find his name in the credits for several extensions. He gets angry if you tell him that PHP is slow. I also talked with Zeev, I didn't realize it was him though. I was asking him a couple questions about Zend Server and he said "I'm not really much of a server guy...". He should have just said he was Zeev.

[Don E]

 

 

What do you mean? What support are you referring to with regard to ASP?

 

You pretty much answered my question when you mentioned Zend. However for other un-free languages, don't they provide support or help in a way where you can communicate with a developer directly or something that will guide you through implementing secure code for your site? I don't know why I thought that for some reason.

[justsomeguy]

I don't know if Microsoft sells support packages for something like that. ASP is still free though, you don't have to pay to use the actual language, it's just not open source. Regardless though, there are several consulting companies that will audit your code and point out problems.