Our team is developing a web app in the financial space using PHP. The big question that comes up first is always security related. What are the main security risks associated with PHP or scripted 开发者_如何学JAVAlanguages in general verus a more accepted (in the space) Java written app?
Programming languages are generally not inherently secure or insecure (barring any bugs/ exploits). The code written with them is however. Provided the code is securely written the PHP is fine.
The only difference I can think of with scripted languages is that in many of those, including PHP, you have eval
with its associated risks. If you don't use it, I don't think there's a real difference regarding security.
The PHP engine itself might have some more leaks than Java, since a large part of the functions you use in PHP are written in C, while in Java most is written in Java itself.
And of course, as with any language, security largely depends on the programmer. XSS, CSRF, SQL injection, etc are a risk in any language, if you don't use the proper tools.
That said, I wouldn't recommend using PHP. While not a less secure platform than Java, it's certainly much easier to create bugs there through it's dynamic typing and other quirks, and they can be as killing to your app as security flaws.
精彩评论