Nick Kew wrote:
That looks a lot like Windows' market position. And I suspect it's no
accident: both products have heaped on new 'goodies', all too often
at the expense of other considerations. It's IMO also no accident
that PHP is moving towards a Windows-like security track record.
You'll find skeletons if you go looking in CPAN.
Market share is a lot of the reason why people target malware at
Windows. If you wrote an email virus for the Mac, one Mac would infect
the other Mac and that would be the end of your fun.
The real trouble with PHP is that it's sparked a revolution in web
server software: code reuse. Before PHP, you couldn't find affordable
web hosting for dynamic sites: cgi-bin was so expensive and problematic
that mass hosting facilities couldn't afford to host it. Mod_perl would
be out of the question.
If you wanted to start a weblog or a wiki four years ago, you
couldn't find reliable software that would hold up in the real world
unless you were willing to put a lot of work in it. Today you can
download Drupal, Wordpress or any of a large number of packages. So
now there are tens of thousands of sites running the same software with
predictable URLs that people can mess around with and find bugs in the
underlying software. If there were any Perl or Java apps of the same
popularity, we'd be seeing the same thing.
The difference is you can get a shared web hosting account for $10/month
if you want to run a Wordpress site on PHP, but you really want a
dedicated server, more like $200/month if you want to run mod_perl or
Java.
If you wanted to match the functionality of PHP, in mod_perl or
Java, you'd have to install twenty or so framework modules -- everybody
is going to pick a different set of modules, so attackers aren't going
to have a consistent profile to hit, but on the other hand, this
inconsistency makes it harder to incorporate other people's code into
your site.