Posted by Tim Van Wassenhove on 02/02/07 20:44
himilecyclist@yahoo.com wrote:
> We are now embarking on a similar database application, but one with
> much higher security concerns (birth data). Prior to beginning the
> project, we met with an oversight committee who strongly advised
> against PHP and suggested Java. Their concern was that PHP could not
> be trusted to handle the security of the data adequately.
What were the reasons behind their advice? My concern is the following:
Why and how can a JVM be trusted more than a PHP runtime?
> My team have become fairly adept PHP programmers, but we know little
> about security and other technical issues. None of us are familiar
> with Java, and due to time constraints, we are very reluctant to make
> such a drastic switch.
Basically, if your team switches to Java they'll make more mistakes
(because of the lesser experience), and will thus deliver a less secure
application.
> If there are future
> security problems, we will really be in a bad position for having
> stayed with it.
And what will happen if you switch to LanguageX on platformY? Who will
be responsible for the security problems then?
Does the oversight committee really believe that it's the magic bullet?
If they truly stand behind their words, they'll gracefully accept the
offer to be considered responsible for eventual security problems if
anything goes wrong with the Java implementation.
--
Tim Van Wassenhove <url:http://www.timvw.be/>