Welcome!

Linux Authors: Katharine Hadow, Hovhannes Avoyan, Anatoly Krivitsky, Pat Romanski, Suresh Krishna Madhuvarsu

Related Topics: Linux, Java, Open Source

Linux: Article

What PHP Needs to Learn From Java

We all know that there isn't a single language or platform that is totally secure
By Calvin Austin
Article Rating:
May 12, 2007 01:45 PM EDT
Reads:
 21,685
We all know that there isn't a single language or platform that is totally secure, much in the same way that no matter how well you secure your house, its still possible to leave a door unlocked. However if your house has few locks, open windows and is it a bad neighborhood, shouldn't you do something about it?

The house I am referring to is PHP, great for prototyping and building applications quickly, but has a long way to go before it provides the automatic piece of mind Java does. We track vulnerabilities on all platforms and applications that use PHP are often the target of attacks. Was it the application developers fault, possibly, but there is little help for PHP developers to find out if they are really writing insecure code and without a security manager like Java, any small mistake can become a big exploit.

My colleague Ezra has started a new open source php security tool to audit php applications, phpsecaudit if you have any php code lying around check it out. We are looking for other contributors too. As for me, my first choice is still Java, even if it does take longer to create something the first time around.

Published May 12, 2007 – Reads 21,685
Copyright © 2007 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Calvin Austin

A section editor of JDJ since June 2004, Calvin Austin is an engineer at SpikeSource.com. He previously led the J2SE 5.0 release at Sun Microsystems and also led Sun's Java on Linux port.

Comments (3) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
z 07/28/06 04:35:36 PM EDT

Can this guy really be serious? "Automatic peace of mind" from a programming language? Come on, get real. How many web app developers out there have the faintest clue what the SecurityManger API is anyway? Perhaps someone knows how the java SecurityManager automatically protects against XSS or SQL Injection vulnerabilities - since these are the two most common exploits in web applications.
tcherbin 07/27/06 07:53:39 PM EDT

This is total rediculous article and even the idea of it makes me furious.. The article should be about how idiot web programmers should stop using glorified languages like java to program web pages.. Another article is Who would hire a java programmer to do a web page, what corporate executives need to learn about their java programmers.
JDJ News Desk 07/26/06 04:05:45 PM EDT

We all know that there isn't a single language or platform that is totally secure, much in the same way that no matter how well you secure your house, it's still possible to leave a door unlocked. However if your house has few locks, open windows and is it a bad neighborhood, shouldn't you do something about it?