Educause Security Discussion mailing list archives
PHP vs ColdFusion Security Concerns
From: Jim Pardonek <jpardonek () LUC EDU>
Date: Wed, 22 Aug 2012 13:51:19 -0500
Greetings, Although this may be slightly off topic, I was hoping that maybe some of you might know or have someone to talk to that could shed some light on this. Our server-side scripting Technical Advisory Committee is looking at 2 products as choice finalists. The choices are PHP and ColdFusion. I looking to see if there are any security concerns with either one of those technologies that might sway us in one direction or the other. We know that ColdFusion has a means to automatically check for updates and security advisories, whereas PHP updates are an entirely manual process; also, we speculated that PHP, due to its significantly larger developer base, has a higher adoption rate which might translate to it being targeted more frequently. What we don't have, though, is a clear idea of whether or not those two things translate to actual security issues in the real world. Do you have an opinion on the matter, or access to any resources that might be able to indicate a clear advantage of one technology vs the other? Please let me know. Thanks! Jim Pardonek James Pardonek, CISSP, CEH Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 (: (773) 508-6086
Current thread:
- PHP vs ColdFusion Security Concerns Jim Pardonek (Aug 22)