Re: JSP VS PHP

From:

"Daniel Pitts" <googlegroupie@coloraura.com>

Newsgroups:

comp.lang.java.programmer

Date:

5 Jan 2007 11:45:22 -0800

Message-ID:

<1168026322.297217.55680@q40g2000cwq.googlegroups.com>

boyScout wrote:

Hello guys, I want to know if Jsp works like php (Hope everyone know
about php).
Why people say JSP is more secure than PHP? because I think php works
at the server side.
And if someone wants to build a web application such as an internet
banking, should he use jsp instead of servlet?
Is JSP as secure as Servlet?
thanks

A JSP is a type of Servlet.

Security can only be as good as your understanding of security
concerns. There are more security concerns in a PHP script than a JSP
Servlet, so its more likely to miss something in PHP.

For an Internet banking application, I would seperate it further.. Any
critical aspect that requires security of any sort should be handled in
Java code (in the business Tier), then use JSPs to render the HTML
which is presented to the end user. Don't do anything that creates,
reads, updates, or delets data, in the JSP. Those operations should all
be handled in the business layer.

This approach is a good idea for even non-secure applications, as it
helps keep your design more Object Oriented, and helps seperate
concerns (view vs model vs controller)