
Advice on cgi login security


Ducati

6:32 pm on May 13, 2003 (gmt 0)

10+ Year Member



I'm running a web site that currently offers nothing more than a public site where anyone can access the various sections of the site. We are ready to implement a member section and could realistically expect about 1 million signups.

My question is, would a CGI/Perl solution be the best route to go with a SQL backend (Microsoft) or should I go with ASP or other? The biggest concern is security as I deal with very sensitive information.

Thanks for any and all suggestions.

BCMG_Scott

7:05 pm on May 13, 2003 (gmt 0)

10+ Year Member



Whether you use Perl, PHP or ASP won't make much difference to security per se. Since all of these are "scripting" languages they are "open source" and could be read by an unauthorized "visitor". If you are really concerned about security then using a compiled language may be a better route to go (such as C or C++, etc). The big key though will be that you use SSL. Your code (compiled or not) will not make a hill of beans if the data is being transmitted clear text.

With that said there are things you can do with all of the aforementioned "scripting" languages to make them more "secure". Security of course is a multi-level process. You need to lock down and secure more than just the code; access points, and data transmission also need to be considered.

Scott Geiger

Ducati

7:41 pm on May 13, 2003 (gmt 0)

10+ Year Member



Scott,

Thanks for the input. I forgot to mention that I do have an SSL certificate ready to go. Beyond that, I have not applied any other layers of security.

jatar_k

8:33 pm on May 13, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I presently deal with money so security is, obviously, priority one. We use php with oracle on solaris, have multiple levels of security, 128 bit encryption etc.

You really have to look at your whole setup from both the hardware and software perspective. If the information is that sensitive then there is not really any measure that would be considered too far. You have to be sure that you go far enough.

From the code standpoint, at least for php there is also the Zend encoder [zend.com] to encode php scripts. I think any of the languages mentioned are fine, more of a question of implementation than anything else. The sql type is fine as long as it is a transactional database (again if the information is that important).

It is a very all encompassing question because everything in the picture is important.

"you are only as strong as your weakest link"

Ducati

5:45 am on May 14, 2003 (gmt 0)

10+ Year Member



Thanks for the info.