Web technologies are growing so fast that we now have tons of modern tools and frameworks. Be it a choice of frontend, backend or database. Many d...
Hello! Can you link some article about PHP being insecure by default (not code, PHP as itself)?
"PHP is not considered much secure as compared to Spring and Node.js"
Thanks!
No hard feelings with PHP, I love it, but in order to make it secure we will have to add some extra code, which other frameworks already do out of the box. learnwebtutorials.com/php-is-insec...
Not about PHP! Don't worry. I'm a PHP, Node and Python developer and I think that all these problems are the same in all languages (or very similar).
Java XSS - stackhawk.com/blog/java-xss/
Python/Django XSS - stackhawk.com/blog/django-xss-exam...
NodeJs XSS - stackhawk.com/blog/nodejs-xss-guid...
And PHP is a language, not a framework ;)
I'm really curious about security, and how PHP can be insecure as a language itself, not with code examples of people that don't know how to code.
Thanks!
I agree!
Hey! I think that statement can actually be true. Some time before some attacker hacked my server by uploading his PHP script and executing it by accessing its URL. I found out that this is a common scenario happening often with WordPress plugins for example.
There is a reason why enterprise grade applications rely on spring framework.
This is silly, I think other languages/frameworks are equally prone to XSS etc. if you don't follow proper standards. Can't be used as an argument against PHP, especially not when you use a framework like Laravel.
Yes I agree, but PHP does not support security out of the box, a developer may need to write extra code in order to protect their applications. Happy to share that spring already has so many security features already built in.
Coming to Laravel, if you will compare libraries built for spring vs that built for Laravel are not that sophisticated and you can't rely on them in terms of application backdoor.
And just in case there are security findings, there are active developers to fix them for libraries in Java as compared to that of PHP.
Composer dependency manager is relatively new. NPM shows warnings and threats after installing any package aka 'npm audit'. Which is still work in progress for dependency management of PHP Composer
Not sure if I agree, as far as I know Laravel has security features out of the box, I'm rarely hearing anyone complain that Laravel applications are unsafe. I've been a Java programmer in the past and yes, Spring and Spring Security are great, but complex, and arguably overkill for most web apps.
Not about Laravel, dependencies you use with PHP can be insecure, you must be using some extra libraries which are not built in with Laravel could be vulnerable however this is true for every framework which you said earlier. There is reason why enterprise grade applications use spring.
And that's what I mentioned in my article that spring could be overkill for trivial applications
Just for reference: cvedetails.com/vulnerability-list/...
And some vulnerabilities having no patch
snyk.io/vuln/composer:laravel%2Ffr...
Sorry, not convinced - the notion that PHP is insecure is based on outdated information, or on issues with WordPress plugins (WordPress does not equal PHP ...)
So what about the library that's responsible for one of the biggest security scares of the last decade? The name of that library is Log4J, a Java library that's being used in numerous Java applications, and within other Java libraries.
PHP or Laravel are in itself no less secure than any other programming language or framework, it all depends on knowledge of security basics and on common sense of the devs using it.
Thanks for the list - so it's immediately obvious that at least 95% of the vulnerabilities are in older versions (5.x or 6.x) - we're at version 8.x now. This also indicates that vulnerabilities are actively being addressed, as can be expected from a popular open source framework.
So conclusion?
Conclusion is that PHP isn't in itself unsafe, and Java isn't by definition safe (and then I'm only talking about server side Java, of course client side Java is notorious for containing numerous security holes over the years).
You can write Crap code in a bunch of different languages, not just PHP. The Frameworks help with security and encourage best practices, but much is still left in the hands of the Dev. Also FYI, Symfony is more popular than Laravel in Europe.
PHP is not considered much secure as compared to Spring and Node.js
This statement is misleading and false, but that's ok. 💩
I think it's just for the click bait tbh 🙄
Knowing how to write secure native PHP is just part of knowing how to code.
Great job loved the article
P.S. Flask is also a pretty popular backend framework
Glad that you loved the article. Yes completely agree Flask is great!
Call me stupid but for me ASP MVC is my go to for backends. Since most of our customers are hosting their stuff on Azure I find this approach much easier. At least the Authentication and Authorization part is a no brainer. What do you think about it and what was the reason to not include it? :)
Yes I agree! I missed this, maybe in future articles I will mention
Not stupid at all. Maybe a bit of extra effort bc of the bloat of ASP/MVC environment but functionality speaking, I'd say you're in a best spot
Golang + gorilla + docker is what I use. Small, light, fast and you get concurrency out of the box with goroutines.
What I like about this stack is that I can deploy it to the cloud (Google/AWS) or to my small footprint device (Raspberry Pi) so it's very flexible.
Happy coding
Thanks for sharing, I will surely give my hands on Golang
As some people mentioned in the comments, we need to talk more about ASP .NET 6 and Go. ASP is cross platform, running on Linux, and C# is getting much easier to write, I'd say it's as good as Kotlin. Go is relatively easy to write, I'd say as easy as Python, and you can get so much performance out of it. If you use Node.js, look up Fiber, an Express.js inspired framework that's among the top ranks of TechEmpower benchmarks, right along with ASP .NET. We don't need to conform to using interpreted languages. We can build more powerful apps with newer languages.
That's great! I will check out ASP.net and Go surely.
Good read. Small correction though, Node.js isn't a framework. Node is a JavaScript runtime so remove the odd one out or correct it to something like express.js.
Sure thanks, I will
how come no love for .net? it's one of the most performant and easy to work with backend technologies in the industry 😁
Tbh, I have no hands on .net, that's why I didn't mention it, maybe surely in future articles I will mention after trying on
Happy Coding!
Thought as much. I have a dotnet noob friendly article on dev if you're interested in trying new things ;-)
Thanks for sharing, I will check out definitely.
Loved it. I didn't see asp.net or C#. I want to learn C# for web dev but don't know if it's worth learning. So if you can include that in this post too then it will be very helpful.
Although it's an amazing post! ❤️
Very helpful
Sure, I will do my research and try to include.
The first article that says the truth about Spring, I love Java in the backend, Spring is the best but for things very big but I developed a small project based in the sales using Spring but I didn't think in the CPU... Thanks a lot... Great Article.
Glad you liked!
Choosing the right framework is all about experience.
Just kidding, Nice article
I agree :)
Favorite part of this article 'cause 💯 relatable
Yes🥺
So, in summary: Node if you want fast & simple operations, Spring if you need security, Laravel if you want a fast development and Django if you want to add machine learning features (?)
Laravel actually has a slow deployment, I considered Laravel for cheap shared hosting, however it is recommended to host Laravel on VPS, but it can be hosted on shared hosting with some patch.
Fun fact: Your non-PHP code may not be secured compared to well-secured PHP code.
Great article but based on my research, learning JavaScript can help you to become a better full stack web developer with the use of MERN, MEAN or MEVN stack.
Yes Agree! However, there are various technologies good for different use case
Do you know which framework DEV is using? Popular and extremely productive... DEV, GitHub, GitLab, Shopify, Codecademy, Exercism, CodePen, ... :)