The issue of security and firewalls has creeped up on us. 'Someone' has pointed out that JSP is a security sieve. Jie, what we are trying to determine is, 1. Have you been using JSP for your applications? 2. If so, are some of them older/not used anymore, and are others at a stage where conversion to PHP can be down with a reasonable amount of back-coding?

Lasse Koskela

JSPs are not the least bit more dangerous than PHP is -- they both generate HTML/XML based on incoming HTTP request parameters. I don't know a single real security issue with JSPs.

I wouldn't worry too much. Try to ask what the heck does your project manager's "someone" meant with "security sieve".