DEV Community

Cover image for How to choose the right backend technology?
Prafful Lachhwani
Prafful Lachhwani

Posted on • Edited on • Originally published at blog.iamprafful.com

How to choose the right backend technology?

Web technologies are growing so fast that we now have tons of modern tools and frameworks. Be it a choice of frontend, backend or database. Many developers have this big question - Which tech stack I should begin with?🤔

Sometimes we end up choosing the one we worked on before or language we are comfortable in. As human nature, we always stick to our comfort zone and that's where things start going wrong. This may include choosing a framework being overkill. Or, even worse, we pivot from our existing tech stack in the middle of a project and end up re-writing the code in a different language.🤦‍♂️

So, it's important to choose the right tech stack before starting a new project. With this post, I will help you with a thought process so that you could choose the best tech stack.

1. Getting the content

This is a three-part series. In this post, I will talk about various backend technologies such as Node.js, Java - Spring, Laravel - PHP and Python - Django. We will compare them on different aspects such as reliability, scalability, performance, security, developer's experience and most importantly cost of hosting. In the later posts, we will compare different frontend technologies and various databases. So, let's get going!

2. What is a backend?

In a nutshell, the backend has the code which runs on the server-side and is responsible for handling and managing storage, database and other resources. The backend is also called the data access layer of software.

image.png

One should always start with choosing the right backend. Because it acts as the backbone of your application. We have so many alternatives out there, we will cover some popular backend frameworks in this article and will see which one is appropriate for a given scenario.

3. Node.js

Node.js uses asynchronous programming! Meaning, it is non-blocking. In other words, It does not wait for a resource to finish the job. It is immediately ready to take up the next request and gives a callback when it's done. Node.js runs like a rocket and it is very scalable.

When to use Node.js?

When your application is highly event-driven and performs lots of I/O operations. Also, when you have to make various API calls from the backend itself. Here in this scenario, you can leverage its non-blocking feature.

When NOT to use Node.js?

When you have a heavy algorithm or a job that consumes lots of CPU cycles. Because Node.js runs on a single thread just like client-side js, your application will be very inefficient for CPU intensive jobs.

4. Java - Spring Boot

Spring is a powerful, lightweight, and most popular framework which makes Java quicker, easier and safer to use. Spring boot helps you to build production-ready Spring-based applications. It serves 80% of everyone's needs for a modern web application. It is highly useful for creating stand-alone, production-grade applications with minimum effort.

When to use Spring Boot?

When your primary focus is security, maybe you want to write banking or financial applications. Where you cannot compromise with security, Spring boot will be the best option. As Java supports multithreading out of the box, it becomes a great choice for building complex and highly concurrent web applications.

When NOT to use Spring Boot?

Although, there are no limitations to the spring framework, it can serve all your needs. But, sometimes trivial apps which do not need heavy computation, spring as a backend will be an overkill. The only thing for saying no to Spring boot is that it's a bit complex and requires a lot of expertise.

5. PHP - Laravel

PHP is an old friend who introduced me to web development.🥺

Laravel is an open-source PHP framework. It follows an MVC (Model-View-Controller) architecture. Laravel makes life easier as it has so many developer-friendly features, one of them is query builder or ORM (Object-Relational Mapping). Before Laravel, it seemed like PHP is dying but now it is one of the competitive frameworks.

is-php-dead-0-1.jpg

When to use Laravel?

When the time to market is the key, then Laravel is the best choice. Because it has so many salient features that make web development very fast as compared to other frameworks out there. Also, Laravel can be hosted on a shared hosting thus making it cheapest amongst all, so when time and cost is the key you should go with Laravel.

When NOT to use Laravel?

PHP is not considered much secure as compared to Spring and Node.js, however, Laravel prevents some of the basic attacks such as SQL injection and cross-site scripting attacks and adds an extra layer of security to it. But still, PHP is never recommended for applications where security is a must.

6. Python - Django

Django is a fast, secure and scalable high-level Python web framework. Django encourages rapid and clean application development. It takes care of much of the hassle of web development, so you can focus on writing your app without needing to reinvent the wheel.

When to use Django?

Since, Django is based on python it supports powerful machine learning libraries like PyTorch, NumPy, etc. Its computational and statistical capabilities make it the ideal platform for machine learning applications.

When NOT to use Django?

Django is not suitable for smaller projects with only a few features and requirements. Because it's a "Batteries included" framework, it has so much boilerplate code which small projects don't need. As a result, consuming unnecessary server processing time and bandwidth.

7. Conclusion

I hope you found the article insightful! We have discussed the four most popular backend frameworks and how to make the right choice.

And stay tuned for the next article of this series. In that, I will compare the most popular front-end frameworks so that you can make the right decision.

Please give your valuable feedback in the comment section, tell me what I missed about these frameworks.

Top comments (48)

Collapse
 
lito profile image
Lito

Hello! can you link some article about PHP is insecure by default (not code, PHP as itself)? PHP is not considered much secure as compared to Spring and Node.js. Thanks!

Collapse
 
prafful profile image
Prafful Lachhwani

No hard feelings with PHP, I love it, but in order to make is secure we will have to add some extra code, which other frameworks already do out of the box. learnwebtutorials.com/php-is-insec...

Collapse
 
lito profile image
Lito

Not about PHP! don't worry. I'm PHP, node and python developer and I think that all this problems are same on all languages (or very similar).

Java XSS - stackhawk.com/blog/java-xss/
Python/Django XSS - stackhawk.com/blog/django-xss-exam...
NodeJs XSS - stackhawk.com/blog/nodejs-xss-guid...

And PHP is a language, not a framework ;)

I'm really curious about security, and how can be PHP insecure as language it self, not with code examples of people that don't know how to code.

Thanks!

Thread Thread
 
prafful profile image
Prafful Lachhwani

I agree!

Thread Thread
 
jancizmar profile image
Jan Cizmar

Hey! I think that statement can be actually true. Some time before some attacker hacked my server by uploading his php script and executing it by accessing it's url. I found out that this is a common scenario happening ofter with Wordpress plugins for example.

Thread Thread
 
prafful profile image
Prafful Lachhwani

There is a reason why enterprise grade applications rely on spring framework.

Collapse
 
leob profile image
leob

This is silly, I think other languages/frameworks are equally prone to XSS etc. if you don't follow proper standards. Can't be used as an argument against PHP, especially not when you use a framework like Laravel.

Thread Thread
 
prafful profile image
Prafful Lachhwani

Yes I agree, but PHP does not support security out of the box, a developer may need to write extra code in order to protect their applications. Happy to share that spring already has so many security features already built in.

Coming to Laravel, if you will compare libraries built for spring vs that built for Laravel are not that sophisticated and you can't rely on them in terms of application backdoor.

And just in case if there is a security findings there are active developers to fix for libraries in java as compared to that of PHP.

Composer dependency manager is relatively new. NPM shows warnings ans threats after installing any package aka 'npm audit'. Which is still work in progress for dependency management of PHP compaoser

Thread Thread
 
leob profile image
leob

Not sure if I agree, as far as I know Laravel has security features out of the box, I'm rarely hearing anyone complain that Laravel applications are unsafe. I've been a Java programmer in the past and yes, Spring and Spring Security are great, but complex, and arguably overkill for most web apps.

Thread Thread
 
prafful profile image
Prafful Lachhwani

Not about Laravel, dependencies you use with PHP can be insecure, you must be using some extra libraries which are not built in with Laravel could be vulnerable however this is true for every framework which you said earlier. There is reason why enterprise grade applications use spring.

And that's what I mentioned in my article that spring could be overkill for trivial applications

Thread Thread
 
prafful profile image
Prafful Lachhwani • Edited

Just for reference: cvedetails.com/vulnerability-list/...
And some vulnerabilities having no patch
snyk.io/vuln/composer:laravel%2Ffr...

Thread Thread
 
leob profile image
leob • Edited

Sorry, not convinced - the notion that PHP is insecure is based on outdated information, or on issues with WordPress plugins (WordPress does not equal PHP ...)

So what about the library that's responsible for one of the biggest security scares of the last decade? The name of that library is Log4J, a Java library that's being used in numerous Java applications, and within other Java libraries.

PHP or Laravel are in itself no less secure than any other programming language or framework, it all depends on knowledge of security basics and on common sense of the devs using it.

Thread Thread
 
leob profile image
leob

Thanks for the list - so it's immediately obvious that at least 95% of the vulnerabilities are in older versions (5.x or 6.x) - we're at version 8.x now. This also indicates that vulnerabilities are actively being addressed, as can be expected from a popular open source framework.

Thread Thread
 
prafful profile image
Prafful Lachhwani

So conclusion?

Thread Thread
 
leob profile image
leob • Edited

Conclusion is that PHP isn't in itself unsafe, and Java isn't by definition safe (and then I'm only talking about server side Java, of course client side Java is notorious for containing numerous security holes over the years).

Thread Thread
 
llbbl profile image
Logan Lindquist

You can write Crap code in a bunch of different languages, not just PHP. The Frameworks help with security and encourage best practices, but much is still left in the hands of the Dev. Also FYI, Symfony is more popular than Laravel in Europe.

Collapse
 
llbbl profile image
Logan Lindquist


PHP is not considered much secure as compared to Spring and Node.js

This statement is misleading and false, but thats ok. 💩

Collapse
 
pau1phi11ips profile image
Paul Phillips • Edited

I think it's just for the click bait tbh 🙄

Knowing who to write secure native PHP is just part of knowing how to code.

Collapse
 
neoprint3d profile image
Drew Ronsman

Great job loved the article
p.s flask is also a pretty popular bavkend framework

Collapse
 
prafful profile image
Prafful Lachhwani

Glad that you loved the article. Yes completely agree Flask is great!

Collapse
 
spotnick profile image
spotnick

Call me stupid but for me ASP MVC is my go to for backends. Since most of our customers are hosting their stuff on Azure I find this approach much easier. At least the Authentication and Authorization part is a no brainer. What do you think about it and what was the reason to not include it? :)

Collapse
 
prafful profile image
Prafful Lachhwani

Yes I agree! I missed this, maybe in future articles I will mention

Collapse
 
camco profile image
Camco

Not stupid at all. Maybe a bit of extra effort bc of the bloat of ASP/MVC environment but functionality speaking, I'd say your in a best spot

Collapse
 
cjsmocjsmo profile image
Charlie J Smotherman

Golang + gorilla + docker is what I use. Small, light, fast and you get concurrency out of the box with goroutines.

What i like about this stack is that I can deploy it to the cloud (Google/AWS) or to my small foot print device (raspberry pi) so it's very flexible.

Happy coding

Collapse
 
prafful profile image
Prafful Lachhwani

Thanks for sharing, I will surely give my hands on Golang

Collapse
 
ozzythegiant profile image
Oziel Perez • Edited

As some people mentioned in the comments, we need to talk more about ASP .NET 6 and Go. ASP is cross platform, running on Linux, and C# is getting much easier to write, I'd say it's as good as Kotlin. Go is relatively easy to write, I'd say as easy as Python, and you can get so much performance out of it. If you use Node.js, look up Fiber, an Express.js inspired framework that's among the top ranks of TechEmpower bench marks, right along with ASP .NET. We don't need to conform to using interpreted languages. We can build more powerful apps with newer languages.

Collapse
 
prafful profile image
Prafful Lachhwani

That's great! I will check out ASP.net and Go surely.

Collapse
 
jackfr0st13 profile image
Deepak Choudhary

Good read. Small correction though, Node.js isn't a framework. Node is a JavaScript runtime so remove the odd one out or correct it to something like express.js.

Collapse
 
prafful profile image
Prafful Lachhwani

Sure thanks, I will

Collapse
 
djnitehawk profile image
Dĵ ΝιΓΞΗΛψΚ

how come no love for .net? it's one of the most performant and easy to work with backend technologies in the industry 😁

Collapse
 
prafful profile image
Prafful Lachhwani

Tbh, I have no hands on .net, that's why I didn't mentioned it, maybe surely in future articles I will mention after trying on

Happy Coding!

Collapse
 
djnitehawk profile image
Dĵ ΝιΓΞΗΛψΚ

thought as much. i have a dotnet noob friendly article on dev if you're interested in trying new things ;-)

Thread Thread
 
prafful profile image
Prafful Lachhwani

Thanks for sharing, I will checkout definitely.

Collapse
 
saifullahusmani profile image
Saifullah Usmani

Loved it. I didn't see asp.net or C#. I want to learn C# for web dev but don't know if it's worth learning. So if you can include that in this post too then it will be very helpful.
Although it's an amazing post! ❤️
Very helpful

Collapse
 
prafful profile image
Prafful Lachhwani

Sure, I will do my research and try to include.

Collapse
 
andipandiber profile image
Andres Bermeo

The first article that says the truth about Spring, I love Java in the backend, Spring is the best but for things very big but I developed an small project based in the sales using Spring but I didn't think in the CPU... Thanks a lot... Great Article.

Collapse
 
prafful profile image
Prafful Lachhwani

Glad you liked!

Collapse
 
cmmon profile image
C-mmon

Choosing the right framework is all about experience.

Collapse
 
cmmon profile image
C-mmon

Just kidding, Nice article

Collapse
 
prafful profile image
Prafful Lachhwani

I agree :)