PHP v/s Java - Enterprise class security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

rsury
Forum Newbie
Posts: 5
Joined: Mon Aug 10, 2009 11:49 am

PHP v/s Java - Enterprise class security

Post by rsury »

Hi,
We are starting on a medical compliance software application for the Pharma industry and deciding between PHP and JSP/Servlet for Web development.
The application would essentially have these technologies:
(1) Extensive db operations - MySQL/Oracle - both direct db interface as well as through Web Services
(2) Nothing fancy, but elegant UI
(3) SOA architecture
(4) Highly secure since it is in the Pharma industry

Appreciate any feedback on this - thanks in advance:
--> How comfortable would a customer feel if the application is developed in PHP instead of Java. I once had a customer comment 'PHP script junkies' - no offense meant, but just the perception out there
--> Are there any pharma customers who are using PHP for their enterprise applications
--> Any HIPAA/FDA regulations which would make PHP less reliant than Java ... basically does PHP support all kinds of encryption and security required by the government
--> If we were to make this application a SaaS application later, would it sustain and scale to handle huge transaction data

Thanks !!
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: PHP v/s Java - Enterprise class security

Post by jayshields »

There's no right or wrong answer. It's a matter of opinion, and you're asking PHP developers.

If you already have developers on board for the project then just go with whichever technologies they are most comfortable with.
rsury
Forum Newbie
Posts: 5
Joined: Mon Aug 10, 2009 11:49 am

Re: PHP v/s Java - Enterprise class security

Post by rsury »

Any banking/financial or other secure sites that use PHP ?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PHP v/s Java - Enterprise class security

Post by Christopher »

rsury wrote:--> How comfortable would a customer feel if the application is developed in PHP instead of Java. I once had a customer comment 'PHP script junkies' - no offense meant, but just the perception out there
If the client will not do the deal with PHP, then use Java. ;)
rsury wrote:--> Are there any pharma customers who are using PHP for their enterprise applications
Don't know.
rsury wrote:--> Any HIPAA/FDA regulations which would make PHP less reliant than Java ... basically does PHP support all kinds of encryption and security required by the government
Yes, I can't think of anything it can't do. Most are HTTP/webserver functionality anyway.
rsury wrote:--> If we were to make this application a SaaS application later, would it sustain and scale to handle huge transaction data
Scaling is not that related to the language. Both Java and PHP can scale massively as many major sites prove.
(#10850)
rsury
Forum Newbie
Posts: 5
Joined: Mon Aug 10, 2009 11:49 am

Re: PHP v/s Java - Enterprise class security

Post by rsury »

Chris - thanks for your response.

Appreciate if anyone else can fill in Banking/financial/pharma/medical web sites, apps that use PHP.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: PHP v/s Java - Enterprise class security

Post by Weirdan »

rsury
Forum Newbie
Posts: 5
Joined: Mon Aug 10, 2009 11:49 am

Re: PHP v/s Java - Enterprise class security

Post by rsury »

Thanks for the response.

That makes me more comfortable now.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: PHP v/s Java - Enterprise class security

Post by kaisellgren »

It's not about the language. Both Java and PHP applications can be insecure. And I don't think your customers have heard of Java or PHP...
tajiknizam
Forum Newbie
Posts: 7
Joined: Tue Aug 18, 2009 6:25 am
Location: Pakistan

Re: PHP v/s Java - Enterprise class security

Post by tajiknizam »

I would like you to have JSP; it's more secure than PHP.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: PHP v/s Java - Enterprise class security

Post by Eran »

Thanks for your input. You made some really strong points there.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: PHP v/s Java - Enterprise class security

Post by jackpf »

Lol
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: PHP v/s Java - Enterprise class security

Post by pickle »

1) Both Java and PHP can do database operations & web services.
2) In my limited experience with Java, I found the interfaces could be nowhere close to as pretty as a web-based alternative. Essentially, anything you can make in Photoshop can be turned into your interface - and much easier than can be done in Java (again, not a lot of experience doing UI in Java).
3) The architecture of your application is pretty much independent of the language being used. Both Java and PHP allow you to make an SOA architecture.
4) As far as security of the application goes - you can make an insecure application in any language you want. It all comes down to experience - which is where PHP gets a bit of a bad name. Since it's so easy to learn, there are a lot of people out there who don't know how to use it properly, so a lot of the code out there is the suck. As far as security of the executable (the JVM or PHP binary), I've heard of a lot more security holes in vendors' implementations of the JVM than I have of the PHP executable. Most (all?) security holes found in PHP applications are because of improper coding on the part of the application coders, not the PHP core.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
rsury
Forum Newbie
Posts: 5
Joined: Mon Aug 10, 2009 11:49 am

Re: PHP v/s Java - Enterprise class security

Post by rsury »

Thanks for all your comments.

Bad programmers can hurt the reputation of a programming language. In one of the previous projects on which I worked, register globals was turned on in PHP4 and extensively used - now we know that it is a disaster.
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: PHP v/s Java - Enterprise class security

Post by yacahuma »

Java is Junk. Use PHP. :D

I think it depends on the architecture you are planning to implement. I truly believe in DB backends and PHP front ends. Others put their neck on the application servers. So far, in my experience, I don't see the benefit. I am not saying there aren't any.