开发者

Is interpreted language secured?

For example, I have a php script which contains the source code. I uploaded it to my web server. For some reason, some attacker could be able to download that file from my web server. They can be able to read and analyze my source code.

So i think this makes interpreted languages (like php ...) not secured vs a compiled la开发者_运维百科nguage (which contains only binary form).

I want to hear different opinions about this.


Binary isn't secure either. Granted they need to be a bit more of an elite hacker to disassemble it and get the critical algorithm they're after but if someone has access to the binary your algorithm is as good as leaked.


Don't forget binaries can also be reverse engineered that's why they are not secure either. You have to check for server and network level security.


If you're server is set up to handle PHP files, it will compile and execute them prior to sending the output. The actual file will not be downloaded. However, I have seen people name include files with extensions other than *.php, such as *.inc, and they didn't make sure the server would handle those files correctly. This can be dangerous, as include files often contain configuration data.

So, as mentioned by sberry2A, it's all about the server set up rather than the language itself. But, it's certainly something that should have attention paid to it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜