[OT] Re: Which server-side programming should i choose.

Joel Rees joel at alpsgiken.gr.jp
Sun Jul 6 18:53:16 PDT 2003


> Joel Rees wrote:
> 
> >>>PHP!!  All the way...easiest, free, likely to be more
> >>>secure than Perl if used as Apache module than CGI.
> >>>      
> >>>
> >>More secure, how so?
> >>    
> >>
> >
> >Less arcane syntax to hide holes in, maybe?
> >
> 
> >However, for people who know what they are doing, perl code can be made
> >more secure than php code. 
> >  
> >

Matt Heath <matt at thebigchoice.com> commented

> I'm not trying to be insulting but I think that you don't know what 
> you're talking about.

Oh, you're probably right about my not knowing what I'm talking about. I
tend to spout off about things I know nothing about some times. Human
habit.

Question, though, are you contending with my assertion that perl has
some arcane syntax issues that make holes harder to see, or with my
assertion that perl can be made more secure than PHP? Both assertions?

(If we really want to debate the subject, I suppose cross-posting into
the php and perl lists where people who know what they are talking about
hang out would be a way to get solid information. Or to get castigated
for attempting to start a flame war. ;-|)

<BS-generator state="on"/>
Perl had a head start on PHP, was the focus of a lot of essential
pioneering work in most of the currently "hot" technologies. It's in a
bit of upheaval right now, because we, as an industry, have hit a
technological wall, and the people who develop perl are heavily involved
in trying to break through that wall.

The PHP group is basically distilling the web programming technologies
out of the work that has been done in perl (and other languages), making
the technology more accessible to less skilled hands. So far, the PHP
community has a good track record. (I personally consider PHP mostly a
dialect of perl, but a reasonably good one.)

But if you really need to tighten down the bolts, well, no programming
language is sufficient by itself, but, near as I have seen, perl gives
better access to the tools for the really tough cases. But you do have
to know what you're doing to use those tools.

Java/jsp gets us part way through the technological wall, but it also
requires a certain mind-set and familiarity with the existing Java tools
and with the Java-ish ways to use those tools. If you can get the
familiarity part down, you get a high pay-back in code re-use. If you
move on to frameworks, you can really avoid re-inventing a lot of wheels.
But the tools for standard http, last time I checked, are a little
behind what's available in perl.

But all that is way beyond what the OP asked. He wanted to get started
with web proramming, and wondered whether PHP or perl would be better,
and the answer, as far as I see it, is yes. 
<BS-generator state="off"/>

PHP _is_ a pretty good place to start, but don't expect it to solve all
your problems. Perl is a natural next step. (JSP/Java would not be a
natural next step, but is a good next step for at least some people, and
don't even think of jsp without Java, as far as I'm concerned.)

-- 
Joel Rees, programmer, Kansai Systems Group
Altech Corporation (Alpsgiken), Osaka, Japan
http://www.alpsgiken.co.jp



More information about the freebsd-questions mailing list