[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009
lawgon at thenilgiris.com
Sat Oct 10 07:40:30 CEST 2009
On Saturday 10 Oct 2009 10:46:49 am Noufal Ibrahim wrote:
> 0 day Django exploit in the wild -
cool - now that django *has* security problems, more people will be
comfortable in using it ;-)
> Fixed rather quickly but found rather late. One of the reasons is
> probably because of the comparatively smaller user base. If Django had
> the same number of users as Drupal, I expect a lot more to be visible.
it is not really correct to keep comparing django to drupal - one needs to
compare drupal to plone. Django is not a cms, and so it is much simpler and
smaller without lots of features, so less likely to have critical
vulnerabilities. Further django only accepts stuff that is completely
documented and has a full set of tests - I am glad to see that drupal also has
some attempt at tests.
> Also, I don't think that merely using PHP means that your site is
> less secure. That's a tad too simplistic for my tastes. And I'm also
> willing to bet that if I did have to use PHP, using something like
> Drupal would be a lot more secure than deploying a home brew CMS.
a python programmer that I have a lot of respect for has classified drupal as a
7/10 - which is high praise. He classifies django at 8/10 ;-)
More information about the BangPypers