We're currently having a management system project, and i'm at a dilemma whether to use PHP or Java. My concerns are these:

1) What if the admin of the management system will do something foolish from his home (if the system is through php/web), since he can just access it.

2) if the management system is web-based, it'll be easy for the agents to access non-work related sites.

3) if the system is desktop-based, i'll like to set it to autostart and take a fullscreen size in order to prevent the agent from accessing non-work related sites/programs. is this fool-proof or am i missing something?

which is the best route to go?

I would go with PHP.

General reason is because it is made fast and secure and bugs with it are unlikely unless coder himself/herself codes the script wrong. It is literally made programless. Of course you need Apache, but once that's started, PHP will always work.

I wouldn't choose for Java, since even when you start instance of Java on internet, it complains about "Warning, this version of Java is insecure.", Java seems to be prone to weaknesses. And basing your website upon this would force users to install Java as well (well, that depends on how you're going to handle client-side).

Java needs constant updates and reinstallations. Since being just 2 minor patches behind is already a vulnerability found (mentioning the message earlier).
PHP needs just disabling server for 1 minute, and moving updated PHP files in there. And they're more of bug-fixes and upgrades, because there is no real PHP hacks that are so widely accessible. In order to break PHP in-face you would need other factors to fail, or you need to be genius cracker.

Like I said, I would go with PHP. There's way less to mess with that and it can provide powerful outcome, and gives more strict notifications instead of errors. Simple and direct 1-liner, instead of you scanning throughout the entire stack of try(), catch() and throw().

"Java needs constant updates and reinstallations. Since being just 2 minor patches behind is already a vulnerability found (mentioning the message earlier)."

That scares the wit out of me.

That scares the wit out of me.

Just try this, install user-end consumer-grade Java, then when Java asks to update, deny it for a month, then go to website that requires recent Java, and you get this type of thing. Same happens on your server, except there's no more browsers or "helpers" to help you block-out potential threat. So you need keep up with Java, day for day.

Like I said, go full PHP, if you have 4.5v PHP and they will release 4.9v PHP. Your website won't explode, however, having it updated is nice too. On Java, this isn't the case since Java is heavily targetted as it connects server, user and 3rd parties. Where as PHP just connects from server to user without injectables from user side.

that makes me cry. i'll do it with PHP . thanks so much ;)