Is it possible to make php application secure enough to save users from ARP spoofing?
Asked
Active
Viewed 179 times
-3
-
5ARP spoofing is a local network attack. PHP applications tend to run on web servers, and at a layer way above that used by ARP spoofing. They're not really related in attack terms. – Matthew Jan 25 '17 at 11:45
-
But can PHP play a little bit role to save sensitive information? like may be doing something two way encryption for incoming and outgoing data? – Ayyaz Zafar Jan 25 '17 at 11:48
-
2Not usually - it only runs on the server, so at some point the decryption method would have to be sent, and you can't tell whether the legitimate client got it or the malicious spoofing one. PHP doesn't generally know where data is going - it just chucks it to the web server to deal with. The web server goes by IP address, and a spoofed client is linked with the correct IP address. – Matthew Jan 25 '17 at 11:53
-
You question is more or less (augmented analogy): `Car Design: Is it possible to save tires from sliding under rain ?` The car design in itself has nearly no relation on how the tires and the road interact. – Tensibai Jan 25 '17 at 13:34
-
1Just make sure you use HTTPS, anything beyond that in the network layer is not really something that the application layer can really do anything about. – Lie Ryan Jan 25 '17 at 13:54
1 Answers
2
PHP applications and the Address Resolution Protocol have nothing to do with each other. I suggest you do some more research on the OSI protocol stack and what ARP and ARP spoofing is, then you should realize that your question isn't applicable.
RoraΖ
- 12,317
- 4
- 51
- 83
kaidentity
- 2,634
- 13
- 30