JSP VS PHP

[boyScout]

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).
Why people say JSP is more secure than PHP? because I think php works
at the server side.
And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?
thanks

 

[Licorice Tattoo]

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).
Why people say JSP is more secure than PHP? because I think php works
at the server side.
And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?
thanks

Writing a JSP is basically just an easier way of writing a servlet that
will be outputting HTML. I don't know PHP but I write Java and JSP
code all day. So while I can't say whether it's more secure, I can say
that yes, a JSP is as secure as a Servlet, because it will become a
servlet after you run it on the server.

 

[Manish Pandit]

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).
Why people say JSP is more secure than PHP? because I think php works
at the server side.
And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?
thanks

PHP vs JSP - This is one of the hottest debates on the blogs. Anyway,
given the context of a banking application, I'd recommend using JSPs,
as it is much more modular and easier to connect to legacy systems.

If you want to deliver a web application pretty fast, and it is mostly
data-centric (vs. a ton of business logic), PHP is the best option.

JSPs and Servlets are same when *deployed* on the server. Like a
previous poster said, JSPs offer an easier way of writing a Servlet.

-cheers,
Manish

 

[Daniel Pitts]

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).
Why people say JSP is more secure than PHP? because I think php works
at the server side.
And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?
thanks

A JSP is a type of Servlet.

Security can only be as good as your understanding of security
concerns. There are more security concerns in a PHP script than a JSP
Servlet, so its more likely to miss something in PHP.

For an Internet banking application, I would seperate it further.. Any
critical aspect that requires security of any sort should be handled in
Java code (in the business Tier), then use JSPs to render the HTML
which is presented to the end user. Don't do anything that creates,
reads, updates, or delets data, in the JSP. Those operations should all
be handled in the business layer.

This approach is a good idea for even non-secure applications, as it
helps keep your design more Object Oriented, and helps seperate
concerns (view vs model vs controller)

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).

That would be a fair assumption.

Why people say JSP is more secure than PHP? because I think php works
at the server side.

JSP and PHP are both run at the server side.

There are no guarantee that a JSP web app will be more secure
than a PHP web app.

It is absolutely possible to write a secure PHP web app.

What you have hear is probably due to 2 facts:
1) PHP is much easier to get started with than JSP and Java - and
therefore very bad programmers usually prefer PHP and they
make web apps with huge security holes
2) JSP and J2EE in general has builtin some security features
in the server that has to be implemented in the web app itself
for PHP, and IBM/BEA/JBoss/Apache makes better security solutions
than the average PHP developer

And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?

JSP pages are compiled to servlets, so no difference.

JSP and J2EE are very widely used in the financial sector.

Arne