[Klug-general] Web Scripting Languages

MacGyveR macgyver at thedumbterminal.co.uk
Sat Jan 6 22:24:15 GMT 2007 

On Saturday 06 Jan 2007 17:05, Karl Lattimer wrote:
> > 1) Python - my very limited understanding of this language leads me to
> > believe that this is very powerful, very quick and fairly easy to use.
>
> cherrypy and cheetah are cool for templating, lets you do more than PHP
> in python, not without security concerns but any dumb schmuck can
> introduce a security bug into any app. Basic best practices keep you
> straight, same as PHP.
>
> > 2) PHP - The language I know best.  Very powerful, however it's not
> > without security risks.  I have been led to believe that the majority of
> > these have been patched in the more recent versions, however it is
> > resource intensive.

run it as a cgi is the best way rather than using mod_php, see the php docs 
for this.

> Its a good language, and works well, if you know it, stick with what you
> know ;)
>
> > 3) CGI - as I understand it, this is mainly done in Perl. It seems to be
> > incredibly powerful and does everything that PHP does but in a more
> > efficient way, provided that you can program the code accordingly.
>
> FUCKING SECURITY NIGHTMARE!!!!!! an absolute mine field, difficult to
> learn, less flexible than php, less efficient than python, less secure
> than windows 95. I did 2 years of perl-cgi coding, its horrendous
> everything is generated by code, no way to embed snippets in templates.

2 years? i'm on my 8th :-)

running a cgi app using chroot or/and suexec is more secure than using mod_php 
or mod_python. for one reason it runs in it's own process not as part of the 
main webserver.

"everything is generated by code, no way to embed snippets in templates" is 
just wrong. there are more perl modules than there are pear libraries, any 
good developer would use a templating system even if they have to write their 
own, this comment has nothing to do with answering language differences.

performance wise mod_perl and fastCGI should be given consideration.

>
> > 4) SSI - easy to use and learn, doesn't need external programs as it is
> > integreated into Apache.
>
> never used it.

SSI, can use other dynamic content CGI/PHP/Python/Java to include it into html 
pages, but also includes a very basic scripting language itself.

-- 
--------------------------------
http://www.thedumbterminal.co.uk

More information about the Kent mailing list