Please note: This site is in an active redesign. Some things might be a little off 🧐

EH

csis316

Hi Mark, Thanks for your post. I agree that Wordpress and PHP are linked together and as long as Wordpress is around, PHP will be around. It is relatively useful, especially it’s ease of use in shared servers. It’s unfortunate though, because I find the typed variables helpful in things like TypeScript and Swift. I would love for more web hosting to start building in more support for things like Node.js, Swift or Go. They have some great features that help building web applications easier and more safely, but it can be a large overhead to maintain them currently.

Thanks, Eddie

HI Heidi,

Thanks for your post. I agree with everything you said about PHP including “the ease of the language means that it is often poorly written.” I think the ease of the language is also one reason that PHP is used so much across the web. It has a relatively low maintenance burden because unlike many other languages pretty much all shared web hosting providers have PHP pre-configured so all you have to do is upload PHP files alongside your HTML files and it will just work for the most part. This is a big difference in comparison to languages like node.js or Go where you have to start the program running and then figure out how to keep it running 24/7.

Thanks, Eddie

Liberty University CSIS 316

PHP's Relevance

(This post was written as an assignment for my CSIS 316 class as a short ~300 word analysis of PHP vs newer programming languages)

PHP has been the bedrock of web development for decades. It was actually the first server-side language I learned how to program, 15 years ago. It has historically been one of the most dependable server-side programming languages, but the question is does it still hold that place in today's fast changing, ever growing market of programming languages?

PHP has a lot of things going for it, historical reliance, a large base of programmers who know and program it, server support in essentially every shared hosting plan available, as well as being the foundational language in two of the most popular Content Management Systems available (Wordpress and Drupal). Ease of use for newcomers is also key to its success. Once PHP is integrated with the web server it rarely if ever has to be managed or restarted and individual PHP scripts are run automatically by the PHP server service.

There is a lot of competition in today's programming market. Many of them have better tooling, are more exciting to work in and have great features that help with reliability such as typed variables, native multi-threading and speed of processing. But are these improvements worth the cost of the reliability and dependability of PHP? For me, that depends on the use case. If the application isn't going to have anyone experienced with managing it routinely, PHP is the best route to go because of the ability to easily deploy it on shared hosting environments by just uploading the scripts, while other languages such as Node.js, Swift, Go and others require an executable to be run and to ensure it remains up in the event of a crash, there needs to be a secondary server that restarts the application. If you need modern tooling with robust features such as typed variables and multi-threading it can help to use a more modern language rather than trying to use new libraries that make PHP more modern.

Ultimately I think it comes down most of the time to personal preference. There are likely few cases where any specific server-side language is going to drastically change things unless the application is frequently under a large load or has a lot of intensive data processing tasks.

Liberty University CSIS 316
Hi Matt,

This is a great post, outlining a lot of important aspects around security and the people involved. I agree that there are essentially three roles and that those roles might be fulfilled by the same person or by two or three different people or even organizations.

Something I would add in regard to using trusted wifi connections is that there are a lot of services out now that provide VPNs (Virtual Private Networks) that provide a secure tunnel between your computer and that computer. VPNs are a great solution to using the internet from potentially insecure wifi locations like fast food, hotels and more.

Liberty University CSIS 316
Hi Laura, Great post! I definitely agree with you that ultimately security falls on the owner of the website, regardless of who is actively managing the security measures. I also appreciate that you mentioned that you should hire someone unless you have extremely good security knowledge. I think a lot of people just assume that what little they know is good enough rather than thinking critically about how much they know about internet and website security. I really think all websites in today’s day and age should be running https/ssl, not just finance websites, because SSL certificates are often inexpensive and some are even free (a service called Let’s Encrypt helps provide free SSL certificates). I think by spreading https/ssl across the web it helps alleviate a lot of issues that users run into.
Liberty University CSIS 316
Who is responsible for website security?

Website visitor security is important and I believe the responsibility falls on a couple roles which may or may not be the same person, company or separate people or companies.

A large amount of the responsibility for website security lands on the website programmers both front-end and back-end. There are a number of various attack vectors that hackers and other malicious parties can attempt on a website and it is up to the programmers to understand common errors and to enable robust programming tactics in order to avoid valuable customer information to fall into the wrong hands.

Responsibility also falls on the web server manager. This could be the programmer or a separate person in the same company or even a separate company if web hosting is outsourced. The security of the website itself doesn’t matter if the server that is making the website available to the rest of the web is insecure. For this reason, it’s important for programmers that don’t understand the dynamics of web hosting management should outsource that task rather than trying to handle it themselves.