Page 1 of 2 12 LastLast
Results 1 to 25 of 43
  1. #1
    Join Date
    Sep 2005
    Location
    India
    Posts
    778

    Any large financial institutions using PHP?

    Hi,

    Does anybody know of any large financial institutions/banks which use PHP for their website?

    Thanks,
    Jatinder
    DarshWebSolutions.com : Web Design, PHP Development, E-Commerce Solutions

    PDF-ace.com : HTML to PDF API

  2. #2
    Join Date
    Feb 2005
    Location
    United Kingdom
    Posts
    3,476
    No,I have seen that bank using the ASP for their website & Windows OS.
    Explore our outstanding VPS choices tailored to your budget, and we welcome reasonable offers.
    VPS Price Match Guarantee on: All our range of DDOS protected XEN HVM VPS
    == Contact us for any online solution development or managed / unmanaged vps hosting ==

  3. #3
    Join Date
    Sep 2005
    Location
    India
    Posts
    778
    No,I have seen that bank using the ASP for their website & Windows OS.
    Same here. I couldn't find a single bank which uses PHP. JSP and ASP seems to be the preferred languages for banks.

    I wonder why. Maybe its because PHP is not considered secure enough.
    DarshWebSolutions.com : Web Design, PHP Development, E-Commerce Solutions

    PDF-ace.com : HTML to PDF API

  4. #4
    I think most banks prefer Microsoft compared to open-source.

  5. #5
    Quote Originally Posted by MachSol View Post
    I think most banks prefer Microsoft compared to open-source.
    Yes, you right!

  6. #6
    :-)
    A mainstream programming languages for enterprise applications are Java and .Net
    still..
    Software Freelancer - custom software solutions

  7. #7

    Don't be so sure...

    Quote Originally Posted by Jatinder View Post
    Same here. I couldn't find a single bank which uses PHP. JSP and ASP seems to be the preferred languages for banks.

    I wonder why. Maybe its because PHP is not considered secure enough.

    If you think that no financial institution uses PHP, then you haven't looked hard enough. Three very prominent financial institutions that I know of use PHP: Navy Federal Credit Union (the world's largest credit union), Capital One (5th largest deposit portfolio in the US), and ING Financial Services (ing.us, part of the world's largest financial institution). ING specifically uses Drupal, which has been a proven PHP CMS that is capable of very demanding enterprise level operations. It's anybody's guess as to their database since PHP supports so many, but I say it's likely a toss-up between an enterprise edition of MySQL or Oracle.

    The fact that these institutions use PHP is a testament to the fact that PHP when coded with good security practices is every bit as capable as other server side languages in terms of security. PHP only gets a bad rep because it is relatively easy to learn and novice/beginner/hobbyist PHP programmers don't always use best security practices.

    I would put money on the fact that we will see more financial institutions use PHP in the future, especially smaller institutions that want to get the best possible value for their IT dollars.

  8. #8
    Join Date
    Feb 2011
    Location
    Columbus, Ohio, USA
    Posts
    334
    Quote Originally Posted by Jatinder View Post
    Does anybody know of any large financial institutions/banks which use PHP for their website?

    Sounds like someone wants to hack a bank website
    Andrew Benson - ShoutcastCity
    SHOUTcast/IceCast Streaming & Streaming Reseller
    www.ShoutcastCity.com - Business Class Streaming Solutions
    Price Match Guarantee & 24x7 Support Since 2011

  9. #9
    Quote Originally Posted by abenson View Post
    Sounds like someone wants to hack a bank website
    There would be no need to find a bank with a PHP site to do this. All it takes is to know how to exploit potential security holes in regards to the server side language. ASP.NET is notorious for them, and I'm sure that JSP, Ruby, and Cold Fusion have them as well. I'm not letting PHP off the hook, because it has some as well.

    The bottom line is that any website, regardless of the server side language used, can be very secure when the best security practices are used. PHP is no exception. The reverse holds true as well. Besides, any hacker would have to really know their sh!t to pull any bank hack off and not get caught, since it is relatively easy to track them down.

  10. #10
    PHP was not really made for stuff like that.

  11. #11
    Quote Originally Posted by NeoBB View Post
    PHP was not really made for stuff like that.
    I beg to differ, and so do the sites that I mentioned.

  12. #12
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by phpDeveloper81 View Post
    If you think that no financial institution uses PHP, then you haven't looked hard enough. Three very prominent financial institutions that I know of use PHP: Navy Federal Credit Union (the world's largest credit union), Capital One (5th largest deposit portfolio in the US), and ING Financial Services (ing.us, part of the world's largest financial institution). ING specifically uses Drupal, which has been a proven PHP CMS that is capable of very demanding enterprise level operations. It's anybody's guess as to their database since PHP supports so many, but I say it's likely a toss-up between an enterprise edition of MySQL or Oracle.

    The fact that these institutions use PHP is a testament to the fact that PHP when coded with good security practices is every bit as capable as other server side languages in terms of security. PHP only gets a bad rep because it is relatively easy to learn and novice/beginner/hobbyist PHP programmers don't always use best security practices.

    I would put money on the fact that we will see more financial institutions use PHP in the future, especially smaller institutions that want to get the best possible value for their IT dollars.
    Only ING's FRONTEND CORPORATE site (with ONLY INFORMATION) is in drupal.

    ALL backend (online banking, anything requiring login) is NOT php.
    ====

    NavyFCU's FRONTEND CORPORATE site is in PHP.

    Click log in - it's no longer php.

    ====
    Capitalone's FRONTEND CORPORATE SITE is in PHP.

    https://www.capitalone.com/login.php - ALL OF THEM send you to .aspx on a different domain.


    None of the examples you gave use PHP for anything more than logged-out information display.
    Last edited by quantumphysics; 11-06-2011 at 12:39 PM.

  13. #13
    You are right on Capital One (and likely so with ing.us), but don't forget that I bank with NavyFCU, and you are dead wrong on your assumption that they don't use PHP for their online banking. When I logged into my account, I simply tested it by adding /index.php to the url to see what happened. The results: the same page. NavyFCU uses PHP for their online banking. Fact.

  14. #14
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by phpDeveloper81 View Post
    You are right on Capital One (and likely so with ing.us), but don't forget that I bank with NavyFCU, and you are dead wrong on your assumption that they don't use PHP for their online banking. When I logged into my account, I simply tested it by adding /index.php to the url to see what happened. The results: the same page. NavyFCU uses PHP for their online banking. Fact.
    Server: IBM_HTTP_Server
    https://myaccountsaws.navyfcu.org/mfnfopwd/index.php is a 404

    If you're talking about https://myaccounts.navyfcu.org/cgi-bin/ifsewwwc, look at https://myaccounts.navyfcu.org/cgi-b...wwwc/index.jsp or https://myaccounts.navyfcu.org/cgi-b...ewwwc/anything..

  15. #15
    I am referring to the actual logged-in side of Navy Federal's banking. Here is the address: https://myaccountsaws.navyfcu.org/nfoaa/main

    I don't know if you can ping it, because you gotta log in to view the page. I can because I have a Navy Federal account. I gave you the benefit of the doubt and typed in /index.jsp after main. The result: a 404. Index.php works quite well though.

    BTW, I checked out the link you sent me for Navy Federal's login. Both index.php and index.jsp can access it. I am not ruling out the possibility that JSP is being utilized in some fashion. This wouldn't surprise me since many corporate websites use multiple server-side languages/frameworks to power everything. However, the fact remains that PHP is an integrical part of NavyFCU's online banking system, and not merely to power the front-end of the bank's site.

  16. #16
    Join Date
    May 2009
    Posts
    94
    PHP is not secure. Go to any PHP website and View Source and there you have all the other party's intellectual property exposed.

    So any banking institutions using it are just inviting trouble. That's the reason and the answer to the OP's question.

  17. #17
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by wakh View Post
    PHP is not secure. Go to any PHP website and View Source and there you have all the other party's intellectual property exposed.
    Is this a joke or am I not understanding this post

  18. #18
    Quote Originally Posted by wakh View Post
    PHP is not secure. Go to any PHP website and View Source and there you have all the other party's intellectual property exposed.

    So any banking institutions using it are just inviting trouble. That's the reason and the answer to the OP's question.
    You need to be more specific about how viewing the source HTML of a PHP site "exposes the intellectual property". HTML is HTML. Regardless of the server-side language, the output to the browser is all HTML and any server side language has the potential of exposing sensitive information if the programmers are not careful enough.

    PHP not secure? That is rubbish. PHP's biggest security problem has always been the programmers not coding to best security standards, not the inherent problems in PHP itself. I invite you to show me an article where a PHP site was a security failure despite the best security measures in place. I can certainly show you a few on ASP.NET, yet it hasn't deterred the bulk of the corporate world for using that platform.

    As mentioned and proven in my earlier posts, NavyFCU does use PHP to run their site, front and back end. I have yet to hear of any news related to their site being hacked.

  19. #19
    Join Date
    May 2011
    Location
    Columbus, Ohio
    Posts
    270
    Years ago was asked about setting up a web server for a center I worked for at a University. They INSISTED on running Windows 2000 with IIS over LAMP. Reason? With Microsoft, it is paid for so you can call someone for help. NO JOKE, that was their reason. (despite that I helped maintain a college web server on LAMP, worked with instructors who set up and administered the server, and oh yeah, the university had a whole bunch of guys over in IT who maintained the main university's LAMP web servers!)

    You have to figure, most banks probably started with what they had hired already back when they started online banking, which was probably not as many people sitting around that worked in LAMP environment, they probably had mostly windows developers for their software they ran at the bank.

    Just a fact, you go with what you know. Decision makers know (well think they do) Windows. Back years ago, Linux was "isn't that something they experiment with?"

  20. #20
    Join Date
    May 2009
    Posts
    94
    PHP is not secure because it is not a compiled language like ASP.NET. It is just a hacked up and put together type of language. You have dozens and dozens of framework for it.

  21. #21
    I wouldn't say PHP is not secure. It's just a lot better to use statically compiled languages for financial stuff.

  22. #22
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by NeoBB View Post
    I wouldn't say PHP is not secure. It's just a lot better to use statically compiled languages for financial stuff.
    well.. https://secure.wikimedia.org/wikiquo...Rasmus_Lerdorf

  23. #23
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,201
    Quote Originally Posted by wakh View Post
    PHP is not secure because it is not a compiled language like ASP.NET. It is just a hacked up and put together type of language. You have dozens and dozens of framework for it.
    Please stop. You clearly don't know what you are talking about, and your earlier posts in this thread just further prove that.
    Cpanel/WHM • PHP • Perl • Ruby • Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)

  24. #24
    Join Date
    May 2009
    Posts
    94
    Quote Originally Posted by larwilliams View Post
    Please stop. You clearly don't know what you are talking about, and your earlier posts in this thread just further prove that.
    I know what I am talking about. If anyone gets access (whether authorized or unauthorized) to the web server then all your intellectual property is exposed, all the user needs to do is examine the source of the PHP website(now think of the consequences it can have in case it is a Bank website) and all the sensitive and or confidential information is exposed. Do you understand it now?

    ASP.NET on the other hand supports a compilation model. After an ASP.NET web application is compiled you get a bunch of binaries which you deploy to the web server and that's it. In this way your intellectual property (source code) is protected from exposure and from falling into wrong hands.

  25. #25
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,201
    Quote Originally Posted by wakh View Post
    I know what I am talking about. If anyone gets access (whether authorized or unauthorized) to the web server then all your intellectual property is exposed, all the user needs to do is examine the source of the PHP website(now think of the consequences it can have in case it is a Bank website) and all the sensitive and or confidential information is exposed. Do you understand it now?

    ASP.NET on the other hand supports a compilation model. After an ASP.NET web application is compiled you get a bunch of binaries which you deploy to the web server and that's it. In this way your intellectual property (source code) is protected from exposure and from falling into wrong hands.
    If they have access to the web server, it is already too late. They have access to the data regardless of whether they can see the PHP code or not.

    Besides, you do realize that ASP.NET can be decompiled right???
    Cpanel/WHM • PHP • Perl • Ruby • Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •