Sidu Ponnappa <lorddae...@gmail.com> writes: >> many bitter experiences - security is a nightmare for php apps. Take a >> look at the number of security updates wordpress has per *month* - more >> than django has had in 6 *years*. > That is based on strong correlation between PHP applications and poor > engineering. > > If we're having a philosophical debate, the question then is 'What if > there was a hypothetical, well engineered open source PHP > application?' > > I'm torn. Purely philosophically, I would be fine dealing with it > assuming I had the time to spare to learn PHP idioms, and that time > was otherwise spent solving real issues and not problems caused by > rubbish code. Practically though, PHP as a language makes my teeth > ache, and from what I've seen well factored PHP programs spend a lot > of time working around the limitations of the language. It's turing > complete, but pretty much the only other language that I've used that > I like less is XSLT.
It has more than a fair share of rough spots but it also has it's own advantages. I think PHP is like english in the sense, it's easy to speak/write even when ones control over the language is minimal. YOu can get a whole web site up and running quickly without knowing much. THis has spawned a series of poorly engineered apps which (because worse is better) have hit the net. However, there are really large deployments of PHP out there which are quite stable. archive.org, facebook, wikipedia and (as I heard from the recent PHPCloud conference here), Flipkart. So, given a good team, you can get things right. This whole thing is a digression though. My basic point is that if there's a tool written already that *does* the job you want done, would you stay away from it purely because its not in your favourite language? My outlook is that code is liability. If I can get the job done without "writing" code, that's probably what I'll do. Wordpress is probably the poster boy for poorly engineered PHP apps but I'd prefer using it (and applying security patches when they come out) rather than writing (and more importantly spending time maintaining) my own blogging app in the latest and greatest Python framework. As for Kenneth's points on the LUG sites, they're simply poorly maintained. A lot of high profile secure sites run on PHP so it's a moot argument. [...] -- ~noufal http://nibrahim.net.in Our similarities are different. -Dale Berra, son of Yogi _______________________________________________ BangPypers mailing list BangPypers@python.org http://mail.python.org/mailman/listinfo/bangpypers