by Andys 5462 days ago
The reason Mt Gox needs to obsess over password database is because they don't seem experienced enough to secure the rest of their site. When it comes down to it, they are still a "PHP+mysql" site like all the others on the Internet.

Would you store your funds at the Bank of Wordpress?

4 comments

There's nothing inherently wrong about using the PHP language or the MySQL RDBMS to build a secure website. Most of the terrible code on the internet is in PHP/MySQL, and most of the PHP/MySQL code is terrible—but that is not a deficiency of the language, but rather a consequence of its ease of use and popularity.

That, though, in no way means that you can't build a good, secure website on the LAMP stack.

It's just a (rather obvious) fact that if you're a bad developer, then you're going to build an insecure site, most likely on LAMP. If you're a good developer, you're probably going to build a good site, which might be on a less common platform, but equally as (or more) likely on LAMP, too.

Is a site inherently safer if you use Java?
Might sound strange, but: yes, it is. Since the first JDBC DB drivers it's common sense to use prepared statements and not build a query on your own. Because of this, SQL injection is a much, much smaller problem in Java codebases than in PHP ones. (This being a Java culture result more than a language one.)
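The contrast this comment draws, as an added illustration that is not part of the thread: a login check whose SQL text is assembled from user input, next to the same check written as a prepared (parameterized) statement. It uses Python's sqlite3 module instead of JDBC or PHP so it runs offline; the table, the user and the password are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with one user (demo data, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_string_built(conn, name, pw):
    """The pattern the comment warns against: the query text is built from input,
    so anything the caller supplies becomes part of the SQL grammar."""
    sql = "SELECT count(*) FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    return conn.execute(sql).fetchone()[0] > 0


def login_prepared(conn, name, pw):
    """Prepared statement: the SQL text is fixed and the driver passes the
    values separately, so input can only ever be compared as data."""
    sql = "SELECT count(*) FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchone()[0] > 0


if __name__ == "__main__":
    conn = make_db()
    # A password containing a quote: the string-built query accepts it because the
    # quote rewrites the WHERE clause; the prepared query correctly rejects it.
    bad_pw = "x' OR '1'='1"
    print("string-built, wrong password:", login_string_built(conn, "alice", bad_pw))
    print("prepared,     wrong password:", login_prepared(conn, "alice", bad_pw))
```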
Then if you use Wordpress? Yes.
I meant than PHP. The implication seemed to be "WordPress is made with PHP, and WordPress isn't bank-quality software, so would you want to trust your money to something made with PHP?" I would trust the credentials of the people behind the site before I'd even give a second's thought to the programming language. (Of course, that doesn't help Mt Gox much either.)
The Java language is designed for safety, above performance, and ease of creating code. So it is more expensive to create a Java financial system. But safer.
The quality of your programmer makes more difference than your choice of language and libraries. But your choice of language and libraries has SOME effect. And Java tends to be safer than PHP.
Where might I find that plugin?
Facebook is a "PHP+mysql" site.
I wouldn't store my money on facebook either.
I wouldn't either but that's because I can imagine Facebook just straight-up stealing it. Nothing about security.
Totally off-topic, but I find this attitude curious. What makes you think facebook would do something of that sort? What possible evidence do you have for the potential of this sort of outright criminal behavior?

It seems to me your loathing of facebook is completely irrational. Unfortunately it's this irrationality that drives most discussions regarding facebook in tech circles.

If someone is a known thief, it stands to reason that they will probably steal again if the price is right. Zuckerberg showed, unambiguously, that he will not only steal ideas but sabotage the people he's stealing from. I would say very little is beneath such a person.
You're about 2 years out of date.