Why do I choose Django over Joomla every time?

Posted by: Paul Whipp 3 years, 8 months ago (3773 hits)

I worked with Joomla for many years, building sites using versions 1 through 3. This site has been converted from Joomla 2.5 fairly recently. These days I always favour building new sites with Django. Here are my reasons:

Productivity

Joomla is built on PHP whereas Django is built on Python. I've worked with both languages extensively and I find Python much easier to work with in terms of debugging, modularity, IDE support, and robustness. At the end of the day, programming in Python is fun and programming in PHP is a chore.

Security

Joomla is constantly under attack and I've experienced many sites being compromised. Most of these compromises take advantage of the fact that any php file a hacker can sneak onto the joomla site somewhere accessible can be invoked via its url and can then compromise the site. Django is fundamentally more secure because its code is run as a process. A hacker cannot add a python file to the site and then access it - everything is accessed through specified url patterns and invoked in the python processes. This does not make Django invulnerable - it still has its issues with SQL injection and other forms of attack but it is a much harder target than Joomla.

Extensions

There are many more extensions available for Joomla than there are for Django but they have many more problems interfering with each other or simply not working. I think this goes back to the Productivity issue. It is much easier to get things working in Python than it is in PHP so more Python extensions work as intended. I suspect that Django will catch up in terms of the range of available applications over time. The Python language underpinning it ensures that the extensions (modules) are always going to be less likely to interfere with each other than those written in PHP.

Maintenance

This is closely linked to productivity but it is worth counting separately. Analysing web site code is fundamentally hard because the systems generate a combination of html and javascript to execute on a client. When you are looking at the result, the program that generated it has finished its job and gone away so working out how it has done something or why it has done something wrong is tricky. Django/Python provides a wonderful interactive environment for analysing and stepping through the code that generates the templates so that it is relatively easy to work out what is going on. Furthermore, Django comes with a comprehensive test suite built in making test supported development very easy.

So the bottom line is that I don't do PHP any more other than to maintain legacy systems. While I'm happy using systems other than Django for specialised jobs, Django is such a clean framework (it really is just Python) that I generally use it by default for any web application.

So why is PHP still so popular? Two reasons - legacy systems and the fact that it is better supported in shared hosting environments where its very lack of security makes it much easier for companies to pack hundreds of websites onto shared services.