Posted by himilecyclist on 02/02/07 18:46

My State government organization has written a PHP/MySQL application
which has been in production for about 6 months and has been highly
successful.

We are now embarking on a similar database application, but one with
much higher security concerns (birth data). Prior to beginning the
project, we met with an oversight committee who strongly advised
against PHP and suggested Java. Their concern was that PHP could not
be trusted to handle the security of the data adequately.

My team have become fairly adept PHP programmers, but we know little
about security and other technical issues. None of us are familiar
with Java, and due to time constraints, we are very reluctant to make
such a drastic switch.

I have done some brief reading regarding PHP security and it looks
like a lot of steps can be taken to increase the security level.
Unfortunately, there appears to be quite a bias against PHP in our
organization, which will be responsible for hosting the application.
We will definitely be fighting an uphill battle, and are concerned
that even if we are able to stay with PHP, if there are future
security problems, we will really be in a bad position for having
stayed with it.

Any thoughts regarding this issue would be greatly appreciated. Is
Java inherently much more secure than PHP? If my team of 3 PHP
programmers were to make the switch to Java, about which we know
nothing, how much time would that add to the development of a mid-
sized application (realizing that that is a very general question)?

Many thanks!