Re: One Last Requirements Doc: Hosted Scanner

[David Warde-Farley <david.warde.farley () utoronto ca>]

On 23-May-06, at 10:16 AM, Jones, David H wrote:

> "You have a bit of latitude in selecting the language for this system.
> Perl, Python, or C would be good choices. PHP is probably not OK."
>
> Just wondering what you have against PHP... :)

I can't speak for anyone but myself, but I've always found PHP to be  
very conducive to sloppy code. Not to mention it's a bit of a  
resource hog and not exactly known for its security. They have a  
rather cavalier attitude towards things like typesafety that make me  
nervous when designing something mission critical.  That's not to say  
one cannot write good, rock-solid PHP code. It's just hard. (I'd be  
interested as to what Fyodor has against it)

OTOH, I think C would be a terrible choice, for exactly the reasons  
Dimian points out. You /can/ write a web application in C, but I  
can't think of a good reason to do so, unless you /want/ to have to  
audit the living crap out of it. C would give you a speed boost but  
the bottleneck here will almost certainly be bandwidth rather than  
CPU time. I imagine you'd be calling Nmap externally to do most of  
the hard work and that's written in C/C++ anyway.

The only way I'd even consider writing a web app in C is if there  
were a preexisting body of web application libraries that had been  
audited to hell and back, and even then, I'd feel a little naked not  
having a scripting language runtime between me and the user.

My $0.02.

Dave


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev