amelierosalyn.com


PHPAskIt is insecure!1!1!zomg!11

I came across a couple of websites discouraging the use of PHPAskIt because it uses a database and therefore absolutely must be insecure.

One such example states:

PHPAskIt isn't completely secure, either. It uses a database so I woulda thought that was more INsecure than the flat file of Waks Ask & Answer script.

Another says:

PHPAskit is just as insecure [as Wak's Ask&Answer] only people think it's secure because it's not flat file.

And so on, and so forth.

For the record, there is no difference in security in using one method or another, as long as they are both done properly. Wak's Ask&Answer and CuteNews (flat file scripts) aren't. PHPFanBase and SimpleDir (MySQL scripts) aren't either. Jem's Bella~ series and FlatPress, however, are flat file scripts and they are fine. Similarly, WordPress and PHPAskIt are MySQL scripts and they are absolutely fine.

Yes, it's true that hackers discover more and more vulnerabilities in scripts and programming languages all the time, so those scripts may not always be secure in their current versions, which is why it is very important to keep your scripts up to date. But to say a script is insecure because of the method of storage that it uses is stupid and shows complete ignorance. If you are going to say a script is insecure, don't just back it up with "well I looked it up online and it said it was insecure". People seem to like publishing fake reports of insecurities (probably where all this is coming from, actually... PHPAskIt had a nice security hoax published about it - and in case you're still living in the dark ages, it was wrong), so "looking it up online" isn't always the answer.

If in doubt, ask someone who knows what they're talking about. :)

Please note: this post is now over 9 years old.

Older posts are archived for historical reasons and also for those who may find their contents useful. Facts, links or opinions within this article are likely to have changed; the article itself may also no longer represent my own views on the subject. Please bear this in mind when reading these posts.

Comments (8)

  1. I LOL'ed immediately when I saw the reasons why it was insecure. They just don't get it, do they?

    Chien Yee

  2. What bothers me is that these people have no knowledge in the subject yet proceed to talk about things like they do. That's one of my hugest pet peeves. >.>

    Hannah

  3. PHPAskIt isn't completely secure, either. It uses a database so I woulda thought that was more INsecure than the flat file of Waks Ask & Answer script.

    This cracked me up! Oh wow, how amusing!

    Sarah

  4. I sometimes wonder why I even bother advising people.

    Jem

  5. It uses a database so I woulda thought that was more INsecure than the flat file of Waks Ask & Answer script.

    ... this should go in pairs with that security fix for the skinning tutorial (it's the x!!!).

    *rolls eyes*

    Vera

  6. I choked on my water when I read their reasons :P
    That's hilarious

    Also funny is the use of "woulda"

    valerie

  7. Jem brought this up on the IRC the other day and ZOMG...how annoying. :P People need to learn to do a little research before they spout off on their opinions...especially when it involves something as important as security.

    Melissa

  8. But, OMG, using databases is so insecure!11!! You will get haxored instantly.

    Julie
