Page 1 of 2 1 2 LastLast
Results 1 to 15 of 17

Thread: JSP is more secure?

  1. #1
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    249

    Question JSP is more secure?

    I am online banking user of Maybank and PublicBank. I found that both banking websites are powered by JSP and servlet.

    Is that because JSP and servlet more secure than other server side script?
    Why don't we see online banking website with PHP?
    Is PHP secure enough to use for online banking/high security website?

    Oh, pls don't tell me SSL. I wish to know the security level of different server side script. Which one will you choose if you are asked to develop a secure website? Reasons?

    Thank you for any feedback

  2. #2
    Join Date
    Feb 2004
    Location
    Shah Alam
    Posts
    175
    Rep Power
    193
    I think the reason is PHP is opensource. Can you trust a technology that is written by some annoymous people and use it in such a sensitive web application such as the online banking system? also who you gonna sue if your system lead to fraud.

    servlet are compiled code and thus more secure. the server can also do a checksum of the servlet to make sure no other people had touched it after it was compiled.

    I personally love PHP than any other server side scripting but when it comes to such sensitive application.. I will choose servlet anytime.

  3. #3
    Join Date
    Jan 2002
    Location
    SoObHanG JhaYa
    Posts
    501
    Rep Power
    226
    maybe JSP is secure... but it heavy too....
    <form name="jump">
    <select name="menu" onChange="location=document.jump.menu.options[document.jump.menu.selectedIndex].value;" style="border:1px #393F31 solid;color:#393F31;font:10px Verdana;font-weight:bold;" >
    <option value="0" style="background: #9CC8FE" selected>*SELECT-LINKS</option>
    <option value="http://www.gengturbo.org/" style="background: #FF0000">GENGTURBO</option>
    <option value="http://www.phixelgrafix.com/" target="new" style="background: #C6D607">PHIXELGRAFIX</option>
    <option value="http://dailydigital.phixelgrafix.com/" style="background: #FCBC45">OLD-BLOG</option>
    <option value="http://www.mesrahosting.net/" style="background: #FF99CC">WEBHOSTING</option>
    </select>
    </form>

  4. #4
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    228
    I don't think that JSP is more secure than any other language - say PHP. A language is a language. When it comes to how secure an application is, it doesn't matter what language the application is programmed in, but how the application was designed and developed - the architecture, not the language.

    A reason to why banks choose JSP over other languages may be because of intergration. Net banking is not a standalone application - it is intergrated with many system. When they want to intergrate a new system with an old system, they would need to make the new system compatible with the old system.

    A reason to why banks may not use PHP is because it is opensource. If you were a systems analyst for a bank, you can't one day rock up to work and say your going to change the whole system. Doesn't work that way. Big companies and government agencies have protocols - procedures which must be followed. If you were going to use opensource software in these companies, the company would need to have new policies. Yes - opensource maybe free - but how much will it cost to change over to a new system? For example, recently, the Australian Taxation office has awarded about A$350 million worth of contracts to change it's old system to a new system.

    Another reason maybe the hardware/platform they use. If they are using SUN mainframes, then JSP would work well on Solaris.
    Last edited by sufyan; 30-03-2004 at 01:41 PM.

  5. #5
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    249
    Well, I mean "why don't they use PHP to develop?"
    not "why don't they use open source?"

    originally post by sufyan
    Net banking is not a standalone application - it is intergrated with many system. When they want to intergrate a new system with an old system, they would need to make the new system compatible with the old system.
    I think this is the main reason.

    Is JSP and Servlet more powerful(function) than PHP? Looks like JSP and servlet just need to include Java class then it can use the Java functions already.

  6. #6
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    228
    Is JSP and Servlet more powerful(function) than PHP?
    A simple answer would be yes. (Think of J2EE)

  7. #7
    Join Date
    Feb 2004
    Location
    Shah Alam
    Posts
    175
    Rep Power
    193
    fyi... RHB uses asp and IIS... now thats scary

  8. #8
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    228
    Originally posted by hftey
    fyi... RHB uses asp and IIS... now thats scary
    As I said... it's not really the language - it's more the architecture (of the app)... 2 of Australia's main (largest) banks also run on ASP/IIS

    http://www.commbank.com.au/
    http://www.anz.com.au/

  9. #9
    Join Date
    Feb 2004
    Location
    Shah Alam
    Posts
    175
    Rep Power
    193
    It is well known Microsoft and IIS have many holes and add to the amount of people hating MS there will be many targeting MS web application. Think the amount of time MS releases patches, if the organization's team is not up to it, to keep their system up to date it will be vulnerable to heckers. The first week my website online I already seen more than 10 attempt to heck my website using previously known ASP/IIS vulnerability.

  10. #10
    Join Date
    Oct 2001
    Location
    Melbourne, AU
    Posts
    456
    Rep Power
    228
    Originally posted by hftey
    It is well known Microsoft and IIS have many holes and add to the amount of people hating MS there will be many targeting MS web application. Think the amount of time MS releases patches, if the organization's team is not up to it, to keep their system up to date it will be vulnerable to heckers. The first week my website online I already seen more than 10 attempt to heck my website using previously known ASP/IIS vulnerability.
    Indeed... but these are banks, not ordinary websites - They invest a lot of money in security. I believe that the people who operate/maintain these systems on these platforms know what they are doing and know what to do if the system becomes vulnerable.

  11. #11
    Join Date
    Feb 2003
    Location
    Kluang, Johor
    Posts
    2,367
    Rep Power
    249
    Bank lagi scare lah~

    If the system failed/kena hacked, then the bank habis. So, I think they will ensure the system security and safety before put it in public.

    I think there are many experts hiding in bank's building.

  12. #12
    Join Date
    Mar 2004
    Location
    KL
    Posts
    267
    Rep Power
    195
    too many fraud nowadays...no wonder those expert hiding in bank's building....jaga pintu malam (part time)

  13. #13
    Join Date
    Feb 2004
    Location
    Shah Alam
    Posts
    175
    Rep Power
    193
    Originally posted by Sorix
    too many fraud nowadays...no wonder those expert hiding in bank's building....jaga pintu malam (part time)
    Thats why paypal not available for Malaysian

  14. #14
    Join Date
    Mar 2004
    Location
    KL
    Posts
    267
    Rep Power
    195
    yeah...my cousin brother having a problem with them now

  15. #15
    Join Date
    Nov 2001
    Location
    Johor
    Posts
    772
    Rep Power
    233
    kene banned lah ape lagi
    I hate when:

    vBulletin Message:
    Sorry! The administrator has specified that users can only post one message every 60 seconds

Page 1 of 2 1 2 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How's Secure Your Web Hosting?
    By mizan in forum Paid Hosting Discussion Forum
    Replies: 30
    Last Post: 06-05-2010, 09:01 PM
  2. secure login page
    By honeyz in forum Website Programming
    Replies: 2
    Last Post: 10-03-2010, 12:50 PM
  3. Secure or not? Your opinion...
    By sufyan in forum Mamak Stall
    Replies: 14
    Last Post: 02-04-2004, 10:51 AM
  4. secure system?? how??
    By joyce in forum Website Programming
    Replies: 7
    Last Post: 12-07-2002, 10:41 AM
  5. Write Secure Scripts with PHP 4.2!
    By tedbundyjr in forum Website Programming
    Replies: 3
    Last Post: 18-05-2002, 08:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search Engine Optimization by vBSEO 3.5.0 RC1 PL1

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112