High-traffic, Highly-secure web API, what language?

Question

If you were planning on building a high-traffic, very secure site what language would you use?

For example, if you were planning on say building an authorize.net-scale site, that had to handle tons of credit card transactions via an API, what would you use building it from scratch? I would imagine that most sites handling similar traffic with similar security would use non open-source software (correct me if I'm wrong). What open source software would you use and why? Python, Ruby, Erlang, PHP, custom C/C++, or what? Also, would you use a traditional database, or does the NoSQL route make more sense?

Not trying to start a flame-war here, just wondering what the good people of Stack Overflow think on the subject...

Update: As a bit of a clarification, this is entirely hypothetical. I fully understand the importance of knowing your language/platform, just looking for some opinions of strengths/weaknesses of a given language/framework and where (and why) one might be more suitable over another. As far as data goes, I'm thinking customer A bought items X, Y, and Z, from vendor B. So, pretty straightforward, until someone wants to know whether customer C also bought items X and Y or X and Z or Y and Z together in one purchase. So, from a data standpoint, I guess I'm looking at it from a business intelligence standpoint and wondering whether NoSQL has any advantages/disadvantages over a traditional SQL database.

Answer 1

I would choose the one I know the best. In my individual case it will be most likely Java of some sort.

Answer 2

Building high-traffic sites is more about design and architecture than the language. Consider the experience of your team, the availability of third-party libraries you might need, and choose wisely.

You can use a NoSQL database if you like to experiment and don't mind working with technologies that just didn't have the time to accumulate huge amount of experience as relational databases had, but otherwise I'd recommend you to go for the traditional way now.

Answer 3

Although some languages try to make it easier for you to write secure code, .NET comes to mind. I agree with DroidIn that it's not as much about the language as it is about the design and the coder(s). For each language I could give you an example of some huge site using it successfully.

• PHP (Facebook)
• .NET (MSFT sites)
• C++ (some of Google probably)
• Java (Ebay C++ as well I think)
• Ruby (Twitter) etc...

For the database I would say it's not as much about security as it is how big you are going to go and what you are trying to do. If you need 25 database servers with terabytes of storage then go for a free solution like MySQL. But if not, you can't beat the features of Microsoft SQL Server for any run of the mill database application.

Answer 4

Don't choose your tools before you know what job needs to be done.

Open-source vs. non-open-source should be the least of your concerns. It's irrelevant for your goal (unless by "open source" you actually mean "don't have to pay for" :-)).

Relational vs. noSQL is relevant question, but without knowing what type of data will be stored and processed it's a moot point.

As for language - make sure you pick the one you and your team know the best. Building scalable, secure platform is not the time to learn new tools. :-)

Answer 5

This is an extremely subjective question that is totally dependent on the specifics of what you want to do. In terms of an extremely secure site, I think most languages are equal, the important factor is what types of security you implement. Do you sanitize user input? Do you protect from SQL injection? Etc.

I myself prefer to go the Python route, the code is very clean, the libraries are very rich, and it arguably has one of the best web frameworks available, Django. You ask what language we would use to build from scratch, but in my opinion only a foolish developer wouldn't get his/her website started with a solid framework, whether it be Django, Rails, Cake, etc.