RealTime IT News

Report: P-Languages Better For Enterprise

When developers start talking about minding their P's and Q's, they might just be referring to scripting languages that are proving their worth next to more established counterparts.

PHP , Perl , and Python (the P-Languages) have really come into their own over the last four or five years because of their ability to augment general-purpose programming languages, such as C++, Java, and C# (sometimes called the G-Languages), according to IT research firm Burton Group. The firm's report suggests P-Languages are performing well enough in mission-critical tasks like enterprise scripting that they should be preferred over their G-Language counterparts.

Yahoo and Jupitermedia (the parent company of this site) use PHP extensively. Other Websites that use PHP include the social networking site Friendster, which switched from JSP to PHP in 2004, and Freshmeat.org, an open source resource site that uses PHP to process between 600,000 and 700,000 page views a day.

In the report, analyst Richard Monson-Haefel points out that PHP makes dynamically generating HTML and processing HTTP requests very easy. Perl is frequently used for batch transformations of text data and in the system administration of Unix and Linux systems. Python is frequently used as "glue" code as well as for system administration, text processing, and even application development.

"The P-Languages are not replacements for the G-Languages," Monson-Haefel said in his report. "On the contrary, the P-Languages complement the use of the G-Languages and should be viewed as additional, albeit first-class tools that information technology organizations can use to solve enterprise-scripting problems."

In many ways, the P-Languages also streamline the development process. Burton said it found that one line of code in a P-Language program could, on average, accomplish the same number of tasks as five lines of code in a G-Language.

"This means that developers writing code have less code to write and debug," Monson-Haefel said. "It also means that developers maintaining code have significantly less code to work with, which eases the learning curve associated with unfamiliar systems."

One area that the P-Languages are seeing pick up is with open source platforms such as LAMP, an acronym for the terms Linux operating system, Apache web server, MySQL database, and the PHP, Perl, and Python programming languages.

Burton Group also noted that Perl and Python are no more or less susceptible to hacker attacks than most programming languages.

The exception is PHP. Although the language itself does not appear to be any more or less secure than other languages, products built on PHP seem to be especially susceptible to vulnerabilities. In fact, Burton found commercial and open source products built on PHP had over 300 vulnerabilities reported to the Open Source Vulnerability Database (OSVDB) between January 2003 and December 2004. By comparison, Perl and Python had less than a dozen in the same period.

"In truth, there is no omnipotent programming language that is suitable for all development tasks. The set of challenges encountered in enterprise computing is simply too broad to be served by a single language," Monson-Haefel said in his report, "The P-Languages: PHP, Perl, and Python for Enterprise Scripting."

Monson-Haefel also said the PHP community will need to work much more diligently to harden the language. In February 2005, an initiative founded by Chris Shiflett called the PHP Security Consortium was formed to address security concerns and misinformation about PHP security.

Burton Group called the initiative, "a good first step in the right direction for the PHP community."

The firm recommends that its customers consider the P-Languages in future architectural decisions and leverage these languages where appropriate. Customers should understand the limitations and benefits of these languages and how they fit into an overall enterprise architecture, Burton found.

"Particular attention should be paid to evaluating tools, frameworks, and IDEs ," Burton's analysts said. "Although some good free and commercial products are available, the total third-party market for the P-Languages is much smaller than it is for the G-Languages, which limits an organization's choices."