Quote:
Originally Posted by Marshal
Running php 5.6 (it's never been upgraded) is not very safe by today's standards.
Would you feel comfortable parking your car on a busy street and leaving it running and unlocked with keys inside?
Yeah, I know TGP is not the best way of monetizing in 2024, so I don't blame authors for not updating the script. Just don't want to lose a part of my own history, so time to move on to whatever else is there available.
|
It's not PHP itself that gets hacked, it's scripts via sql injection, remote code execution etc. A PHP script with security holes under PHP 8.3 is worse then a site with no holes running 5.6. The security issues related to PHP itself are pretty limited to locally executable things and not things that can be exploited remotely by a bad actor. To exploit most security issues on PHP, you'd have to have access to the server, and if you already have access to the server then you don't need to hack it. Yes - running PHP 5.6 is not ideal but it in itself is not inherently that big of a problem from the security point of view.
A plausible scenario where 5.6 would be a problem would be for instance a script having a security hole that is patched in a later version of the script and that later version requiring a higher PHP version - but this doesn't apply to "dead" scripts that are no longer being updated.
Wordpress and various plugins people use for it get hacked left and right despite working on PHP 8.3 or even requiring PHP 8. This is not because of PHP itself, not wordpress itself - but questioniable plugins for it.