<< Creating Linked Drop-Down Lists with the CascadingDropDown Control | Static Page Methods Instead of Web Services in ASP.NET AJAX Control Toolkit >>

.aspx extension instead of .php? WHY???

This story is not a debate on "ASP.NET vs PHP", but this story is about the people who develop their web applications with PHP, but pretend that they are using ASP.NET. Yes, such people do really exist. I came across their posts in the forums, where they said that or asked how to change the extension of PHP scripts to .aspx.

Why on Earth are they doing that? Basically, they want to look more serious. For some reason, .aspx looks more sophisticated, serious and more enterpisy. The reason is actually well known, ASP.NET usually powers well known companies that everybody look up to.

However, often it's not the developers who want to "be more serious", but their clients who either demand the pages to have the ".aspx" extension or want to the web site to be written with ASP.NET. The latter is the worst case, I believe, because in such a situation, the developer lies to his client. He was hired to build a web site with ASP.NET, but in fact he does with PHP or with something else. I think it is really a lack of work ethic.

This post is partly inspired by the Rick Strahl's article, which is called "ASP.NET gets no Respect", where he puts his thoughts regarding that fact that people and especially the young developers, who are eager to launch their start-up project, simply disregard ASP.NET and prefers to use a more fashionable platform, like Ruby on Rails. While I agree with him on this point, there are people do an opposite thing - write their web sites with PHP and put the ".aspx" extension at the end of their files. <irony>Well, the world is really ridiculous...</irony>

Tags: asp.net, php

Posted by Mike Borozdin on Friday, August 15, 2008 7:54 AM GMT

Permalink | Comments (18) | Post RSS RSS comment feed

PHPExcel: Manipulate Excel Spreadsheets with PHP on Linux Have you ever faced a situation when you need to manipulate Excel spreadsheets with PHP on the se...NetBeans 6.5 as a Cute and Free IDE for PHPAlthough I mostly blog about .NET and related technologies, tools, etc., this time I’m writing about...Develop PHP in Visual StudioI've been programming with PHP for many years and have used a lot of editors and so-called IDEs, I m...

Comments

DotNetKicks.com

Friday, August 15, 2008 12:55 AM GMT

Trackback from DotNetKicks.com

.aspx extension instead of .php? WHY???

Vahid

Friday, August 15, 2008 1:34 AM GMT

You can call it some kind of security! yes, security through obscurity. but they don't know the existence of this add-on:
https://addons.mozilla.org/firefox/addon/2036

Jon Davis

Friday, August 15, 2008 2:18 AM GMT

A lot of times people use faked extensions as a security mechanism to combat security weaknesses.

Otherwise, it could be that ASPX folks are used to it and feel more comfortable with it as they migrate to PHP. It's no different than an ASP.NET developer using index.aspx instead of default.aspx, something that they do frequently, just because "index" is what they're used to seeing.

Mike Borozdin

Friday, August 15, 2008 3:16 AM GMT

Vahid and John,

I understand your views, however the people I'm talking about use faked extensions not for the security reasons, but for the reasons I mentioned above.

John

Friday, August 15, 2008 4:57 AM GMT

Oddly enough, I had a customer once who was adamant about the fact that IIS returns a header claiming it's IIS was a major security breach, and that I had to fix it. I tried telling them how to have IIS remove this header, but they insisted it wasn't a fault with their server, but our application. Their IT guy was completely clueless, as he didn't understand the instructions I gave them. In the end I also tried telling them how futile this was, since the application used .aspx/.asmx extensions, which were a dead giveaway that it was IIS anyway. The application was big enough at that point that renaming everything from .aspx/.asmx to something else was a complete waste of time. Oddly enough, they never had a problem with the .aspx/.asmx thing. Shrug.

John S.

Friday, August 15, 2008 5:12 AM GMT

It's probably to support existing links. Why break a bunch a links if you don't have to?

Mike Borozdin

Friday, August 15, 2008 6:09 AM GMT

Well, I think I really overlooked the security reasons. I was talking about the different reasons though.

John S.,

Good point.

Anyway, I still puzzled by the people who fake the extensions because of the reasons described in the article.

Dinu

Friday, August 15, 2008 2:19 PM GMT

That's one of the most ridiculous things I've heard in a long time. Using it for security is a valid reason. (I used to add fake .html extentions but decided to drop them in favor of usability). However, using it to "look professional" is completely absurd.

JP Strauss

Friday, August 15, 2008 7:54 PM GMT

Why not drop the entire extension? http://www.samplesite.com/home is a perfectly valid address

Amre Ellafi

Friday, August 15, 2008 10:21 PM GMT

urrr ! php has a plenty of url rewriting options and the developer is picking aspx !
I'm mainly asp.net and can give away the "aspx" part if i had apache capability or url rewriting on a modest shared hosting

Ross Hawkins

Friday, August 15, 2008 10:45 PM GMT

Trackback from Ross Hawkins

Chameleons are all around

Gyorgy Fekete

Friday, August 15, 2008 11:35 PM GMT

I would consider changing the extension for security reasons, to mislead potential hackers.

@JP Strauss: Usually search engines ranks better those sites who provide an extension like .html or even .php

Amre Ellafi

Friday, August 15, 2008 11:59 PM GMT

Gyorgy: what sort of hacker will get fooled by extension ? a simple Agent check will report the server ,as well as the middle-ware.

JP Strauss

Saturday, August 16, 2008 6:43 PM GMT

In any case, knowing the server platform is only the very first step in breaching the security. The REAL work starts when you have to find unpatched vulnerabilities (something the ISP is responsible for).

@Gyorgy FeketeO you have a link to studies proving this. I am building an extension-less site at the moment.

Charles

Sunday, August 17, 2008 4:33 AM GMT

It could be that they ported an ASP.net application to php and need to keep any old links working?

throwspoop

Thursday, August 28, 2008 5:29 AM GMT

Could you supply some references to the nefarious php posts? I would like to get some more context on this...faking the extension is often done for SEO reasons...i.e. a url should never change.

- Mr. Poop

Mike Borozdin

Thursday, August 28, 2008 11:01 PM GMT

Hello,

There is one, for instance, www.sitepoint.com/.../showthread.php

Kostenloser WEB Space

Tuesday, January 20, 2009 12:50 PM GMT

Trackback from Kostenloser WEB Space

Kostenloser WEB Space

Comments are closed

Mike Borozdin's Blog

A blog about programming, web and IT in general

About the author

Search

Tags

Recent posts

Archive

Disclaimer

.aspx extension instead of .php? WHY???