PHP's biggest security problem has always been the programmers not coding to best security standards, not the inherent problems in PHP itself. Regardless of the server-side language, the output to the browser is all HTML and any server side language has the potential of exposing sensitive information if the programmers are not careful enough. That's the reason and the answer to the OP's question.You need to be more specific about how viewing the source HTML of a PHP site "exposes the intellectual property".
So any banking institutions using it are just inviting trouble.
Go to any PHP website and View Source and there you have all the other party's intellectual property exposed. However, the fact remains that PHP is an integrical part of NavyFCU's online banking system, and not merely to power the front-end of the bank's site. This wouldn't surprise me since many corporate websites use multiple server-side languages/frameworks to power everything. I am not ruling out the possibility that JSP is being utilized in some fashion. Both index.php and index.jsp can access it. Index.php works quite well though.īTW, I checked out the link you sent me for Navy Federal's login. I gave you the benefit of the doubt and typed in /index.jsp after main. I can because I have a Navy Federal account. I don't know if you can ping it, because you gotta log in to view the page. If you're talking about, look at or am referring to the actual logged-in side of Navy Federal's banking. Last edited by quantumphysics 11-06-2011 at 12:39 PM. None of the examples you gave use PHP for anything more than logged-out information display. NavyFCU's FRONTEND CORPORATE site is in PHP.Ĭapitalone's FRONTEND CORPORATE SITE is in PHP. I would put money on the fact that we will see more financial institutions use PHP in the future, especially smaller institutions that want to get the best possible value for their IT dollars.Only ING's FRONTEND CORPORATE site (with ONLY INFORMATION) is in drupal.ĪLL backend (online banking, anything requiring login) is NOT php. I would put money on the fact that we will see more financial institutions use PHP in the future, especially smaller institutions that want to get the best possible value for their IT dollars. PHP only gets a bad rep because it is relatively easy to learn and novice/beginner/hobbyist PHP programmers don't always use best security practices. The fact that these institutions use PHP is a testament to the fact that PHP when coded with good security practices is every bit as capable as other server side languages in terms of security. It's anybody's guess as to their database since PHP supports so many, but I say it's likely a toss-up between an enterprise edition of MySQL or Oracle. ING specifically uses Drupal, which has been a proven PHP CMS that is capable of very demanding enterprise level operations. Three very prominent financial institutions that I know of use PHP: Navy Federal Credit Union (the world's largest credit union), Capital One (5th largest deposit portfolio in the US), and ING Financial Services (ing.us, part of the world's largest financial institution). If you think that no financial institution uses PHP, then you haven't looked hard enough. Maybe its because PHP is not considered secure enough. JSP and ASP seems to be the preferred languages for banks. I couldn't find a single bank which uses PHP.
0 kommentar(er)
