PHP v/s Java - Enterprise class security
Moderator: General Moderators
PHP v/s Java - Enterprise class security
Hi,
We are starting on a medical compliance software application for the Pharma industry and deciding between PHP and JSP/Servlet for Web development.
The application would essentially have these technologies:
(1) Extensive db operations - MYSQL/Oracle - both direct db interface as well as through Web Services
(2) Nothing fancy, but elegant UI
(3) SOA architecture
(4) Highly secure since it is in the Pharma industry
Appreciate any feedback on this - thanks in advance:
--> How comfortable would a customer feel if the application is developed in PHP instead of Java. I once had a customer comment 'PHP script junkies' - no offense meant, but just the perception out there
--> Are there any pharma customers who are using PHP for their enterprise applications
--> Any HIPAA/FDA regulations which would make PHP less reliant than Java ... basically does PHP support all kinds of encryption and security required by the government
--> If we were to make this application a SaaS application later, would it sustain and scale to handle huge transaction data
Thanks !!
We are starting on a medical compliance software application for the Pharma industry and deciding between PHP and JSP/Servlet for Web development.
The application would essentially have these technologies:
(1) Extensive db operations - MYSQL/Oracle - both direct db interface as well as through Web Services
(2) Nothing fancy, but elegant UI
(3) SOA architecture
(4) Highly secure since it is in the Pharma industry
Appreciate any feedback on this - thanks in advance:
--> How comfortable would a customer feel if the application is developed in PHP instead of Java. I once had a customer comment 'PHP script junkies' - no offense meant, but just the perception out there
--> Are there any pharma customers who are using PHP for their enterprise applications
--> Any HIPAA/FDA regulations which would make PHP less reliant than Java ... basically does PHP support all kinds of encryption and security required by the government
--> If we were to make this application a SaaS application later, would it sustain and scale to handle huge transaction data
Thanks !!
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: PHP v/s Java - Enterprise class security
There's no right or wrong answer. It's a matter of opinion, and you're asking PHP developers.
If you already have developers on board for the project then just go with whichever technologies they are most comfortable with.
If you already have developers on board for the project then just go with whichever technologies they are most comfortable with.
Re: PHP v/s Java - Enterprise class security
Any banking/financial or other secure sites that use PHP ?
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: PHP v/s Java - Enterprise class security
If the client will not do the deal with PHP, then use Java.rsury wrote:--> How comfortable would a customer feel if the application is developed in PHP instead of Java. I once had a customer comment 'PHP script junkies' - no offense meant, but just the perception out there
Don't know.rsury wrote:--> Are there any pharma customers who are using PHP for their enterprise applications
Yes, I can't think of anything it can't do. Most are HTTP/webserver functionality anyway.rsury wrote:--> Any HIPAA/FDA regulations which would make PHP less reliant than Java ... basically does PHP support all kinds of encryption and security required by the government
Scaling is not that related to the language. Both Java and PHP can scale massively as many major sites prove.rsury wrote:--> If we were to make this application a SaaS application later, would it sustain and scale to handle huge transaction data
(#10850)
Re: PHP v/s Java - Enterprise class security
Chris - thanks for your response.
Appreciate if anyone else can fill in Banking/financial/pharma/medical web sites, apps that use PHP.
Appreciate if anyone else can fill in Banking/financial/pharma/medical web sites, apps that use PHP.
Re: PHP v/s Java - Enterprise class security
http://ehr.gplmedicine.org/index.php/Op ... e_EHR_List. Some of those are written in PHP.
Re: PHP v/s Java - Enterprise class security
Thanks for the response.
That makes me more comfortable now.
That makes me more comfortable now.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: PHP v/s Java - Enterprise class security
It's not about the language. Both Java and PHP applications can be insecure. And I don't think your customers have heard of Java or PHP...
- tajiknizam
- Forum Newbie
- Posts: 7
- Joined: Tue Aug 18, 2009 6:25 am
- Location: Pakistan
Re: PHP v/s Java - Enterprise class security
I would like u to hava JSP, its more secure than PHP
Re: PHP v/s Java - Enterprise class security
thanks for your input. you made some really strong points there.
Re: PHP v/s Java - Enterprise class security
1) Both Java and PHP can do database operations & web services
2) In my limited experience with Java, I found the interfaces could be nowhere close to as pretty as a web-based alternative. Essentially, anything you can make in Photoshop can be turned into your interface - and much easier than can be done in Java (again, not a lot of experience doing UI in Java)
3) The architecture of your application is pretty much independent the language being used. Both Java and PHP allow you to make an SOA architecture
4) As far as security of the application goes - you can make an insecure application in any language you want. It all comes down to experience - which is where PHP gets a bit of a bad name. Since it's so easy to learn, there are a lot of people out there who don't know how to use it properly, so a lot of the code out there is the suck. As far as security of the executable (the JVM or PHP binary), I've heard of a lot more security holes in vendors implementations of the JVM, than I have of the PHP executable. Most (all?) security holes found in PHP applications are because of improper coding on the part of the application coders, not the PHP core.
2) In my limited experience with Java, I found the interfaces could be nowhere close to as pretty as a web-based alternative. Essentially, anything you can make in Photoshop can be turned into your interface - and much easier than can be done in Java (again, not a lot of experience doing UI in Java)
3) The architecture of your application is pretty much independent the language being used. Both Java and PHP allow you to make an SOA architecture
4) As far as security of the application goes - you can make an insecure application in any language you want. It all comes down to experience - which is where PHP gets a bit of a bad name. Since it's so easy to learn, there are a lot of people out there who don't know how to use it properly, so a lot of the code out there is the suck. As far as security of the executable (the JVM or PHP binary), I've heard of a lot more security holes in vendors implementations of the JVM, than I have of the PHP executable. Most (all?) security holes found in PHP applications are because of improper coding on the part of the application coders, not the PHP core.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: PHP v/s Java - Enterprise class security
Thanks for all you comments.
Bad Programmers can hurt the reputation of a programming language. In one of the previous project on which I worked, register globals was turned on in PHP4 and extensively used - now we know that it is a disaster
Bad Programmers can hurt the reputation of a programming language. In one of the previous project on which I worked, register globals was turned on in PHP4 and extensively used - now we know that it is a disaster
Re: PHP v/s Java - Enterprise class security
Java is Junk. Use PHP.
I think it dependends on the architecture you are planning to implements. I trully believe in DB backends and PHP front ends. Others, put their neck on the applications servers. So far, in my experience, I dont see the benefit. I am not saying there are'nt any.
I think it dependends on the architecture you are planning to implements. I trully believe in DB backends and PHP front ends. Others, put their neck on the applications servers. So far, in my experience, I dont see the benefit. I am not saying there are'nt any.