[linux-novice] Php and other languages

[Michael P. Soulier]

On 03/06/07 Darcy Whyte said:

> For a Web application, the following article looks at some of the choices:
> 
> http://www.joelonsoftware.com/items/2006/09/01.html
> 
> Our Web application has a datamart and some processes that need to run in
> the background as well (thus my post about schedules).
> 
> PHP seems to be a good system for the Web server both in our experiences and
> according to the article above. 
> 
> Can you point out anything you think is a flaw in the article?

Yes, exactly what I said previously. He says nothing in the article about the
security history of the technologies. PHP has a terrible history for security
holes in the base technology. I just patched one. Again. 

Personally, I've found Perl, Python, and even Java to have excellent histories
for security overall. That said, you can write good, even secure code in PHP.
However, be aware that you might have to patch the production system more
often than some other choices, if this trend continues, and it shows little
sign of abating. 

Because of this, I tend to reject PHP as a valid choice when I'm making
technology decisions. Perl might be older, and not as cool, but it's a damn
sight safer. If MVC frameworks are for you, then Django is a perfectly valid
choice from the Python world. I do like Ruby on Rails but lately I also have
doubts about its scalability. We'll see. 

In the end, don't forget that apps don't go away once they're written.
Maintenance is a very big deal. 

Cheers,
Mike
-- 
Michael P. Soulier <msoulier at digitaltorque.ca>
"Any intelligent fool can make things bigger and more complex... It
takes a touch of genius - and a lot of courage to move in the opposite
direction." --Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/linux-novice/attachments/20070611/69f5c2bc/attachment.pgp