Page 1 of 1

PHP vs ASP Security

Posted: Mon Jun 21, 2004 7:49 pm
by SBukoski
Now, I know that every language is prone to security risks based on how the programmer codes, but I was looking more at a general perspective. My company is big into Microsoft and everything that is MS. Our servers our Windows based servers whose scripting applications are always written in ASP.

Recently (mostly because of my love for PHP), I was curious as to attempting to convince them to use PHP. If not on our servers for external customers, then for internal uses only.

I was curious as to how PHP compared to ASP in terms of overall security on a Windows based system. Is ASP more secure, less secure, about the same? Are there any good sites or resources that compare the two (not from a programming and useability standpoint, but from a security one)?

Posted: Mon Jun 21, 2004 11:17 pm
by kettle_drum
Hmmm. Well as you say the language is only prone to security risks if the coder writes sloppy code, which can be done in both languages. What i would think is the main security risk is the server itself, windows as you will know is prone to virus/worms etc and so can be taken down quite easily if you get a virus from time to time - whereas linux does have the odd remote server exploit which can cause problems.

You really need to chose the OS with the best stability and what your admin can administer, both php and asp can be run on both windows and unix based systems - but i would say apache was more stable for bigger sites on unix - so maybe that is something you should consider.

There is then also cost factor. You can get all your software for free using linux/unix if you use php (the OS, apache, php and database software is free) - if you want to run asp on unix you have to pay for chilisoft. Then if you want to run a windows server you have to pay like $200 for a copy of windows.