I am online banking user of Maybank and PublicBank. I found that both banking websites are powered by JSP and servlet.

Is that because JSP and servlet more secure than other server side script?
Why don't we see online banking website with PHP?
Is PHP secure enough to use for online banking/high security website?

Oh, pls don't tell me SSL. I wish to know the security level of different server side script. Which one will you choose if you are asked to develop a secure website? Reasons?

Thank you for any feedback

__________________
LiewCF | Malaysia Bloggers Forum

I think the reason is PHP is opensource. Can you trust a technology that is written by some annoymous people and use it in such a sensitive web application such as the online banking system? also who you gonna sue if your system lead to fraud.

servlet are compiled code and thus more secure. the server can also do a checksum of the servlet to make sure no other people had touched it after it was compiled.

I personally love PHP than any other server side scripting but when it comes to such sensitive application.. I will choose servlet anytime.

__________________
Venzon Solution Services

maybe JSP is secure... but it heavy too....

__________________
<form name="jump">
<select name="menu" onChange="location=document.jump.menu.options[document.jump.menu.selectedIndex].value;" style="border:1px #393F31 solid;color:#393F31;font:10px Verdana;font-weight:bold;" >
<option value="0" style="background: #9CC8FE" selected>*SELECT-LINKS</option>
<option value="http://www.gengturbo.org/" style="background: #FF0000">GENGTURBO</option>
<option value="http://www.phixelgrafix.com/" target="new" style="background: #C6D607">PHIXELGRAFIX</option>
<option value="http://dailydigital.phixelgrafix.com/" style="background: #FCBC45">OLD-BLOG</option>
<option value="http://www.mesrahosting.net/" style="background: #FF99CC">WEBHOSTING</option>
</select>
</form>

I don't think that JSP is more secure than any other language - say PHP. A language is a language. When it comes to how secure an application is, it doesn't matter what language the application is programmed in, but how the application was designed and developed - the architecture, not the language.

A reason to why banks choose JSP over other languages may be because of intergration. Net banking is not a standalone application - it is intergrated with many system. When they want to intergrate a new system with an old system, they would need to make the new system compatible with the old system.

A reason to why banks may not use PHP is because it is opensource. If you were a systems analyst for a bank, you can't one day rock up to work and say your going to change the whole system. Doesn't work that way. Big companies and government agencies have protocols - procedures which must be followed. If you were going to use opensource software in these companies, the company would need to have new policies. Yes - opensource maybe free - but how much will it cost to change over to a new system? For example, recently, the Australian Taxation office has awarded about A$350 million worth of contracts to change it's old system to a new system.

Another reason maybe the hardware/platform they use. If they are using SUN mainframes, then JSP would work well on Solaris.

Well, I mean "why don't they use PHP to develop?"
not "why don't they use open source?"

I think this is the main reason.

Is JSP and Servlet more powerful(function) than PHP? Looks like JSP and servlet just need to include Java class then it can use the Java functions already.

__________________
LiewCF | Malaysia Bloggers Forum

A simple answer would be yes. (Think of J2EE)

fyi... RHB uses asp and IIS... now thats scary

__________________
Venzon Solution Services

As I said... it's not really the language - it's more the architecture (of the app)... 2 of Australia's main (largest) banks also run on ASP/IIS

http://www.commbank.com.au/
http://www.anz.com.au/

It is well known Microsoft and IIS have many holes and add to the amount of people hating MS there will be many targeting MS web application. Think the amount of time MS releases patches, if the organization's team is not up to it, to keep their system up to date it will be vulnerable to heckers. The first week my website online I already seen more than 10 attempt to heck my website using previously known ASP/IIS vulnerability.

__________________
Venzon Solution Services

Indeed... but these are banks, not ordinary websites - They invest a lot of money in security. I believe that the people who operate/maintain these systems on these platforms know what they are doing and know what to do if the system becomes vulnerable.

Bank lagi scare lah~

If the system failed/kena hacked, then the bank habis. So, I think they will ensure the system security and safety before put it in public.

I think there are many experts hiding in bank's building.

__________________
LiewCF | Malaysia Bloggers Forum

too many fraud nowadays...no wonder those expert hiding in bank's building....jaga pintu malam (part time)

Thats why paypal not available for Malaysian

__________________
Venzon Solution Services

yeah...my cousin brother having a problem with them now

kene banned lah ape lagi

__________________
I hate when:

vBulletin Message:
Sorry! The administrator has specified that users can only post one message every 60 seconds