5

I'm wondering is JSP a safe alternative to PHP? Some things I'm concerned about are cpu usage, memory usage, and security.

Kelly Elton
  • 214
  • 4
  • 9
  • 2
    There isn't really a clearcut answer: JSP will require you to run the JVM and a container like Tomcat or Glassfish, and this translates to heavier memory use compared to a basic PHP site. Both can be used to achieve the same results, and security is a matter of following best practices, validating input, and reading up on ways to prevent XSS, CSRF, etc. You do see more people using PHP than JSP, probably, so the community is also a big difference. – wkl Sep 24 '11 at 04:44
  • i also do wounder why i find lots of blogs admiring jsp and its abilities while most of the webapps could be done easily with php ?! – Ali Sep 24 '11 at 05:03

1 Answers1

2

JSP is an alternative to PHP like any other programming language, and just like PHP is an alternative to anything other.

CPU-wise, it will depend on your applications. JSP, as ASP.NET, are compiled and run in a virtual machine; PHP, on the other hand, is interpreted. In both cases, the bottleneck would probably be the database access or your application itself, not the underlying language mechanisms.

As for memory usage, from what I've seen, small applications have a smaller memory footprint when written in PHP, and the opposite is true for large apps. Again, this is only my personal experience, and other people may not obtain the same results with their apps.

Finally, security-wise, it's up to you to make an application secure. If you know one language well, but not the other one, you surely will do some mistakes in this other language, making your applications unsafe.

If:

  1. you have a precise design of an application to create, and:
  2. you and your colleagues know equally well both languages, and:
  3. there are no constraints server-side,

then you can do some assertions about:

  • the bottlenecks,
  • which language will help you to be more productive for a specific project,
  • which language to choose to ensure that your company will have enough specialists in a future to maintain the application.

For the bottlenecks, after making those assertions, you have to profile them to have a good image of the reality. Expectations about the performance are usually wrong.

In practice, the second and the third conditions enumerated above are hard to match:

  • There are chances that in your company, more developers are using PHP more often than JSP, or the opposite, or if they know both equally well, they prefer JSP,
  • There are even more chances that the server stack has a set of constraints, making it more difficult to implement one technology over another. For example if I have to do a web application which will use Microsoft SQL Server, chances are I will use ASP.NET over PHP, even if both can use Microsoft SQL Server.
Arseni Mourzenko
  • 134,780
  • 31
  • 343
  • 513