Posted by Toby A Inkster on 02/04/07 09:35

himilecyclist wrote:

> We are now embarking on a similar database application, but one with
> much higher security concerns (birth data). Prior to beginning the
> project, we met with an oversight committee who strongly advised
> against PHP and suggested Java. Their concern was that PHP could not
> be trusted to handle the security of the data adequately.

For the most part, security problems are not introduced by the programming
language, but by the programmers.

Writing a secure application requires someone who is an expert in that
particular programming language, and who is preferably more than a teensy
bit paranoid.

If your programmers are new to Java, they will not be able to write secure
Java code. End of story. (Whatsmore, the training budget will go through
the roof and the project will take at least three times as long to develop.)

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/CSS/Javascript/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

[Back to original message]