Quote:
|
Almost guaranteed any application you write will be hackable one way or another no matter what language you write it in. Granted you should try to write it to not be.
|
As a professional development manager, and after working on a number of security projects, I'll take some exception to the above statement. There are a number of applications, either client server or web apps that have been designed and implemented to be very secure.
The problem is that people design security in AFTER the code is complete. The security problems and potential attacks need to be part of the initial design process. Security breaches are often via "back door" attacks, like leaving the FTP password "pswd", so attention also needs to be paid there.
I do agree with the statements that JSP, ASP or PHP should be chosen on the basis of what platform you are targeting and what your development skill set is. All will do a fine job, but think about security as you design not as an afterthought.
And there have been 100's of threads and posts on what language, web host, web site, etc to use. You might want to go dig through the massive CD archive to see what others have said in the past.
One of the things we do in the business side is have a "Build vs. Buy" conversation. Do we want to build things from scratch, or buy something off the shelf to customize. If you scroll down to the bottom of the page you'll see "Powered by vBulletin". In this case the vBulletin software does most of the heavy lifting, you don't need to reinvent the wheel (or reinvent ways to make the site secure)
Learning how to make a website from scratch using PHP, JSP, ASP is a good thing to know, but I'll tell you, none of my design teams start from scratch. We always pick a framework to build on, there are better uses of time than reinventing the wheel.
Good luck!