Zend CEO: PHP is fit for the enterprise

In a Q&A, the prominent developer Andi Gutmans also defends language against criticisms over security

Page 2 of 2

InfoWorld: What does Python offer that those three -- Perl, Ruby, or Python -- don't offer?

Gutmans: We think PHP is actually the only ecosystem today that is enterprise-grade and ready to take on Java and .Net. Ruby and Python are nice languages, but if you look at it from a commercialization and professionalization point of view, only PHP has a company like Zend that really supports the runtime. Only PHP has worked with the IBMs, Oracles, and Microsofts of the world and really made sure that the interpretability to enterprise systems works well. And only PHP has the application ecosystem that is everywhere, like Drupal, Magento, and WordPress.

When you look at it from a vendor support point of view, the partner ecosystem, the application ecosystem, the tool chain, and when we go to enterprise we will never actually see those other languages. It will always be Java and .Net, and we believe that PHP today is ready to take them on.

InfoWorld: I saw an online article from 2006 that referred to PHP as "Pretty Hard to Protect." You mentioned this morning that PHP has an undeserved reputation as far as security deficiencies. What has been done to shore up security concerns in PHP, and what's going to be done going forward?

Gutmans: First of all, Web security is really hard for anyone. It's very hard to get the training and the best practices to build secure apps. It doesn't matter what language you're using. What helps developers build secure applications is having the right frameworks that lead you into building applications in the right way. And the PHP ecosystem has, since 2005 I would say, built out several frameworks that are enterprise-grade.

The leading one is Zend Framework, and Zend Framework really helps instill those best practices that enable companies to build secure Web applications. If you're using a professional framework today, you're just as secure on PHP as you are with any other language. If you're hacking something, you have no skill set, then of course no matter what language you use you're not going to build secure apps.

InfoWorld: Would you say the "Pretty Hard to Protect" acronym definition is no longer accurate?

Gutmans: PHP applications are just as secure as any other application today as long as you're using a good framework, like in any other language.

InfoWorld: What other PHP frameworks are there besides Zend Framework?

Gutmans: There's Symfony, there's CakePHP, and even more than that.

InfoWorld: What about the concern over PHP being slower to execute than languages like C?

Gutmans: I'm a C developer by heart. Absolutely any dynamic language -- including Java and .Net -- is slower than C. C as a language is very close to the bare metal. PHP is one of the fastest dynamic languages. There's a lot of optimization that's gone into it, including work we've done with Intel and other vendors. It's actually very, very fast.

The one thing to remember, though, is the language runtime is one aspect of performance. The reality is a lot of the performance bottlenecks in Web applications are actually I/O. It's network access, database access, file system access, and no matter how fast your runtime is, if that is your bottleneck, it's going to be your bottleneck. You can write it in Assembly, and that's what is going to happen.

Now, the long-term prospect of Web application performance in some cases actually is becoming increasingly challenged because you're building these cloud apps. No matter what language you're using, you're consuming different Web services. Well, Web services by definition are slow. We're going to see increased challenges around application performance as we build these cloud native applications.

InfoWorld: What was the most recent release of PHP?

Gutmans: The most recent was PHP 5.4. That was a very important release because it was a significant step up in performance. We also had a functionality called Traits, which is another object-oriented feature. We had a nicer way to create arrays in PHP 5.4, which is just easier to use. A big change in the Zend Engine [within PHP] was the fact that we reduced memory consumption and increased performance. That was a big step up. We also added support for multibyte languages out of the box.

This article, "Zend CEO: PHP is fit for the enterprise," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2