Coding Forum

**CFISH** · 11-28-2007, 04:32 AM

HI
Just need some advice please.
I am in the making of a website that is large and has people that have to login to change and update and pay for items.
We will be using secure server etc for the credit card processing but we want to know what language is workable with a large site that is also safish from hackers please?
We have sections where people log in and I dont want hackers to get their information.
Also, we have a vbulletin forum that I was told was fairly safish.
Any ideas on best code to use as the site uses many many scripts that we need to write.
They are for private logins etc and forums.
Ta in advance
CFish

**chrishirst** · 11-28-2007, 06:38 AM

All languages can be "safe" and all languages can be "unsafe"

The problem is not with the actual language but usually with the way scripts are implemented or programmed. You (as a programmer) can either leave potential "holes" or "backdoors" if you do not understand the basics of security and the importance of "sanitising" user input before sending a database query.

Although it's the things you CAN'T control 100%, such as users with weak passwords (names, birthdays, their dogs name) etc that are the most likely point of failure generally.

**CFISH** · 11-29-2007, 12:05 AM

Quote:

Originally Posted by chrishirst

All languages can be "safe" and all languages can be "unsafe"

The problem is not with the actual language but usually with the way scripts are implemented or programmed. You (as a programmer) can either leave potential "holes" or "backdoors" if you do not understand the basics of security and the importance of "sanitising" user input before sending a database query.

Although it's the things you CAN'T control 100%, such as users with weak passwords (names, birthdays, their dogs name) etc that are the most likely point of failure generally.

Thank You
So one last question please.
Is the site www.hackersafe.com worht joining?
ta CF

**CFISH** · 11-30-2007, 03:26 AM

Hi
thanks
is dotthenuke good?
also
Thank You
So one last question please.
Is the site www.hackersafe.com worht joining?
ta CF

**chrishirst** · 12-01-2007, 02:21 PM

Only if YOU are processing or storing the CC details your self directly, if you are transferring to a merchant to process the payment it becomes their problem.

I've not tried the latest incarnations of DNN myself, but one can only hope it has improved in later versions.

**ForrestCroce** · 12-01-2007, 11:02 PM

It has ... but that still doesn't make dnn worth learning.

Chris is right ... and this is critical: if you're taking the credit card numbers yourself, they need to be encrypted in flight and at rest. If you're using a third party payment processor, that's their problem.

I can write an application in QBasic that's more secure than an application I can write in C Omega. Or the other way around. Unmanaged languages, like C++, are inherently more dangerous than managed languages, because of things like buffer overruns ... but there are hackers, and there are 'hackers.' Murphy's Law says if a person can make a thing go wrong, eventually they will ... but while everyone knows how to look for vulnerabilities with sql injection, most people can't take advantage of a type cast failure.