[BangPypers] Drupal vs. Django

Anand Balachandran Pillai abpillai at gmail.com
Mon Nov 16 10:23:44 CET 2009


On Mon, Nov 16, 2009 at 2:50 PM, Anand Balachandran Pillai <
abpillai at gmail.com> wrote:

>
>
> On Mon, Nov 16, 2009 at 12:42 PM, Ramdas S <ramdaz at gmail.com> wrote:
>
>> On Mon, Nov 16, 2009 at 12:34 PM, Noufal Ibrahim <noufal at gmail.com>
>> wrote:
>>
>> > We had a thread a while ago inspired by the fossee.in site. I came
>> > across this http://birdhouse.org/blog/2009/11/11/drupal-or-django/
>> > which is relevant to the issue and which might interest people who
>> > have to make a decision.
>> >
>>
>
> Nice link, I have been reading it plus comments since you posted it.
> I found this gem somewhere down the page.
>
> "Some attack vectors, like SQL injection (and other input sanitization
> exploits) are pretty much eliminated by Python’s DB API and Django’s ORM and
> Form validation tools. This is not to say you couldn’t create an exploit in
> a Django app, but that you’d have to be trying to on purpose".
>
> I remember I had made a similar point in that thread when it came to
> Python vs PHP on security. This is exactly the point I wanted to make.
>

Sorry to post again, but here is the entire context.

<quote>
Security. Django makes a lot of design decisions that make it hard to write
insecure code. Not impossible, but hard. Some attack vectors, like SQL
injection (and other input sanitization exploits) are pretty much eliminated
by Python’s DB API and Django’s ORM and Form validation tools. This is not
to say you couldn’t create an exploit in a Django app, but that you’d have
to be trying to on purpose. They also give you tools to prevent CSRF which
were optional, but in newer releases are being promoted to “required” in
contrib.admin at least (
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ ) One of PHPs biggest
failings re: security , IMHO, is they made it too easy to do the wrong thing
for far too long. This is improving, but I think you still see this lax
approach reflected in the large number of Drupal exploits that have appeared
and in the way many people don’t seem to take security as seriously in the
PHP universe.
</quote>

>
>
>>
>>
>>
>> We've had a thread last 2 days on django-users with our own Kenneth
>> raising
>> some observations, even that's worth following.
>>
>> Nice link Thanks
>>
>>
>> > ~noufal
>> > http://nibrahim.net.in
>> > _______________________________________________
>> > BangPypers mailing list
>> > BangPypers at python.org
>> > http://mail.python.org/mailman/listinfo/bangpypers
>> >
>>
>>
>>
>> --
>> Ramdas S
>> +91 9342 583 065
>> _______________________________________________
>> BangPypers mailing list
>> BangPypers at python.org
>> http://mail.python.org/mailman/listinfo/bangpypers
>>
>
>
>
> --
> --Anand
>
>
>
>


-- 
--Anand


More information about the BangPypers mailing list