Secure Java with PHP?

Printable View

Oct 4th, 2007, 03:45 AM
Iron Skull

Secure Java with PHP?

Hello I am running a Java Applet with really sensitive Data over it.
The Webserver is running in SSL and now I want to secure it more.
So I thought of PHPs SSH function.
Though I ain't very experienced with PHP I thought lets ask before I waste lots of hours on writing a script and then figure out that I shouldnt.
Well there is a PHP SSH functions. I know he can make a Password less connection and that he does work as a Client. do you guys think I can tunnel the Applet through it.?

Cheers,
Robin
Oct 4th, 2007, 12:08 PM
k1ll3rdr4g0n

Re: Secure Java with PHP?

If you are that worried about it, use putty and tunnel the connection your self.
If you write a PHP tunnel that would only encrypt the data on the server side.

SSL already encrypts your data, so if you are that worried about the network you are running it on, don't use it.

If you know the network admins, its a good chance that they don't sniff out the packets of everyone and figure out passwords/ssn/CC #s. Where I work, they are strict, not stupid.
Oct 5th, 2007, 01:57 AM
Iron Skull

Re: Secure Java with PHP?

Well, the fact is.. this is a website that people have to be able to access were ever they are.
Its for a RemoteLinux box that they use.. And all they need is a webbrowser.
Thats why I cant use PuTTY. And why I wanted to use PHP.
Oct 5th, 2007, 07:49 PM
k1ll3rdr4g0n

Re: Secure Java with PHP?

I have seen the exsistance of a java based SSH client. Prehaps you should investigate that?

Although, since you have SSL already, you should be fine. I believe its 128bit encrypted no? Someone check that please.
Oct 5th, 2007, 11:57 PM
dclamp

Re: Secure Java with PHP?

Well php is not the most secure language, yet you can do alot to make it secure as possible. To my knowledge, there are not php SSH functions. I will do a google search though.
Oct 6th, 2007, 01:18 PM
k1ll3rdr4g0n

Re: Secure Java with PHP?

How is PHP not secure?
PHP is like Java in some ways, especially when you have safe mode on.
PHP itself is very secure, its the scripts that people write that make it insecure.

http://us3.php.net/ssh2
Oct 6th, 2007, 01:42 PM
dclamp

Re: Secure Java with PHP?

if you dont configure php correctly, then it can be secure. ASP.net is more secure then php.
Oct 6th, 2007, 02:40 PM
k1ll3rdr4g0n

Re: Secure Java with PHP?

Quote:

Originally Posted by dclamp

if you dont configure php correctly, then it can be secure. ASP.net is more secure then php.

I think you ment to say "if you dont configure php correctly, then it can be insecure."

Actually, I think PHP defaults are pretty secure.
Oct 6th, 2007, 11:16 PM
dclamp

Re: Secure Java with PHP?

haha. oops. Thats what i meant.

Well there are some settings that need to be change in the php.ini before it is fully Secure.
Oct 7th, 2007, 02:44 AM
penagate

Re: Secure Java with PHP?

Quote:

Originally Posted by dclamp

if you dont configure php correctly, then it can be secure. ASP.net is more secure then php.

Either is as secure as the code you write.

The -recommended INI file is the better default configuration for PHP (obviously).
There is also a project called Hardened-PHP which purports to secure it even further. Personally, I think the modifications they do are of little practical use to most server administrators.