Why PHP is so much more popular for web-development

[Jeffrey Froman]

walterbyrd wrote:

> The point is: PHP framework makers are very considerate of the
> realities of shared hosting.

I think the opposite is true: PHP applications typically ignore the
realities of shared hosting in order to be considerate to non-developers
(that is to say, "users"). In particular, security in a shared hosting
environment is almost always discarded.

Consider a PHP-based CMS that allows users to upload files. Because the
application runs as the webserver user, uploaded files, and the directory
where they reside, must be accessible and writable by that user. It is the
same user that any other hosting customer on that machine has access to.
Thus, any user on the shared host could write a quick CGI script that
accesses, adds, removes, or defaces your uploaded content.

While it is true that PHP can be deployed through fastcgi/suexec to avoid
this problem, doing so is just as complicated as deploying python
applications through fastcgi.

Deploying python applications through mod_python suffers the same drawbacks
on a shared host that using mod_php does, but it is quite simple to set up:
3 lines or so in an .htaccess file is all that is required to get
mod_python configured. Surely PHP developers need to write their
own .htaccess files as well in most cases?

On a related note, most PHP hosting providers offer only PHP4. While this is
again fine for the typical PHP *user*, I would hope that PHP *developers*
are looking primarily (if not exclusively) for PHP5 at this point. PHP5
providers are much rarer.

All that said, I am sympathetic to your concerns, and am currently working
hard to set up a commercial shared hosting environment that offers turn-key
Django and Plone provisioning. Certainly, the automated, generic set-up
won't suit everyone's fine-tuned requirements, but I agree that more hosts
should think about providing a working default configuration for python
frameworks.


Jeffrey