I would like to know which is THE BEST platform to develop a web application which will be used by a huge amount of users. Is it PHP or ASP.NET? I am giving more importance to the application performance and security.


Recommended Answers

All 14 Replies

If either one were conclusively "the best", the other would have died long ago. Both ASP.NET and PHP are a good choice for your stated needs. If you want to do a proper comparison, you'll need to dig down to something far more specfic than "huge amount of users" or "performance and security".

You can go with ASP.net. PHP is the advanced version but ASP.net take low loading speed.

Your question is way too vague. You would have to provide a detailed list of requirements before anyone can really guide as to whether one is more appropriate over the other. I assume that this is for a personal project or just for learning? You seemed to have missed an important component to consider which is cost.

Like for example..hmm...facebook or linkedin...both of them are being used used by millions of users yet the website doesn't hang or doesn't fail to load whatsoever. There had been scenarios where facebook gets hacked by someone and many user information got leaked etc etc. My core aim is that when a user logs into my application, i dont want some stupid hacker to sneak in and my app should open like Google's search results. I know there is a lot of hardware requirements too but on the coding side is there anything that can be done. I am a PHP developer and after hearing a lot of news about facebook being hacked. I dont trust PHP that much. One of my business contacts who is kinda like my advisor says that ASP.net is the best platform for an app to be developed because its highly secure, can be developed by developer who are familiar with different languages and so on.

You seem to be conflating programmer quality with language or platform quality. Once again, both PHP and ASP.NET meet your needs. A shitty programmer will write shitty software regardless of what tools he uses, and conversely a good programmer will write good software regardless of his tools. Strive to be a good programmer, strive to write solid software, and it won't matter much what language or platform you choose.

Each platform is going to have its strengths and weaknesses. Both PHP and ASP.NET can provide the security you need. You have to consider that there are various aspects of security. deceptikon mentioned one of the most important items with regard to the web application itself, which is the quality of the code. However, security is a layered approach. The web server also needs to be configured and maintained in a secured manner. How about the operating system? Where is this site being hosted? Do you have to worry about physical security? Are you storing sensitive information? Database security, allowing your users to store weak passwords, are you encryting traffic to and from the user/webserver (HTTPS/SSL)?, etc...

There are many things that you must keep into consideration while coding.Security doesn't depends on what you are using but how efficiently you are using that language.

  • It depends on how securely you are writing code for your project.If you are taken basic injections,sql injections taken into consideration while coding.
  • Taking proper care of cookies/session variables.Destroying them whenever there usage is over.
  • Using more layered approach preferably MVC architecture so that all layers are separate and so easy to develop and maintain.
  • If you are dealing with sensitive information then you must store them in encrypted format.
  • Whenever you are using any transaction action you must preferably use SSL layer.
  • Wherever required use proper validations preferably on client side so as to reduce traffic on server and hop over your performance.
  • Make sure to make your code to identify the difference between bots and actual user.As bots may lead to slow down your server by spamming messages.

If you are taking care of some basic security and performnce issues you can code in any language i.e., ASP.Net or PHP with good security and performance.

Yeah while coding i consider SQL injections, sessions. I usually code my apps in CI so i can follow an MVC structure.
How do i transact an information via SSL, i am sorry if its a noob question...i've never really had to do it before.
Vaidation on client side was something i found interesting. Thanks for that.
How do i distinguish between a bot and an actual user. Just curious, how do you code for a bot?

I heard JAVA is a pretty stable language and its faster than PHP but the only disadvantage is that it requires more lines of code.


I'm not big on PHP or Java, but once I got to this line in that Document, I lost all interest...

"Everybody is a PHP programmer. Even monkeys! "

My recommendation to you is to go with what you feel comfortable with. There is no clear "winner", otherwise, everyone would be developing with that language. Each scripting language, framework, etc... out there has its benefits and different people just feel more comfortable with different tools.

If you want to be a web developer, I'd suggest that you make sure your HTML and CSS on strong. Client side scripting is key as well for rich, dynamic client side experience for your users. Then pick the server side scripting language or framework that fits best for you.

I'm just curious why Facebook being hacked makes you not trust PHP? I'm prettty sure Facebook uses compiled C++ CGI.

How do i distinguish between a bot and an actual user. Just curious, how do you code for a bot?

To identify bot,there are several techniques.

  • One of the most old and famous technique is using captcha,until the captcha image is matched with answer don't allow database connection as it is the most costly resource.Also you can even ban certain IP's based on identification of the intruder as bot or attacker.
    Now even bots are using character recognition technique to pass this filter,so try to add noise and distortion to your image so that it is difficult for bots to interpret it.

  • Other's like 3rd Party Authentication(Gmail,yahoo..etc)

  • Math Questions
    Instead of a graphical code, the user has to answer a simple math question like 2+2 =?

  • Hidden Fields/The Honeypot Trap
    This option builds on the idea that robots enter information in a field regardless of whether or not it is visible. Developers use CSS to hide a particular field, rendering it invisible to humans. Here, the system checks if a hidden field has data. If it does, it is most likely filled in by a robot. Otherwise, a human has entered information in the form.
    The main problem of this option is that it may be confusing for someone who has deactivated CSS.
  • Verification Via SMS

  • determine the time for completing the form
    A human normally takes at least half a minute to fill out a form with three to five fields. On the other hand, most robots complete a form automatically, so it doesn't take more than a few seconds.
    The system can determine if the form was filled out in a very short amount of time (e.g. ten seconds for three fields). Through the acquired information, the system can determine if the form is filled out by a robot or a human.

@NardCake: the reason is that facebook was developed by Mark as you know. The man was an expert at it. If hacker could intrude into such an expert coder's app, then their might be some faults on PHP's side right?.. I mean thats what i thought. Plus i have never heard ASP.NET or JAVA apps getting hacked. Hence the question!

If hacker could intrude into such an expert coder's app, then their might be some faults on PHP's side right?

Your conclusion is reasonable but your premise is not. Even experts make mistakes. Case in point is Knuth's reward for mistakes that has resulted in more checks than one might expect for an expert of his level. In fact, I'd be more inclined to blame the programmer than the implementation of a popular programming language simply because of the sheer number of people using the language in stupid ways that would highlight bugs.

Plus i have never heard ASP.NET or JAVA apps getting hacked.

I have...a lot.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.