[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009

Kenneth Gonsalves lawgon at thenilgiris.com
Sat Oct 10 07:40:30 CEST 2009

On Saturday 10 Oct 2009 10:46:49 am Noufal Ibrahim wrote:
> 0 day Django exploit in the wild -
> http://news.ycombinator.com/item?id=872533
> http://www.djangoproject.com/weblog/2009/oct/09/security/

cool - now that django *has* security problems, more people will be 
comfortable in using it ;-)
> Fixed rather quickly but found rather late. One of the reasons is
> probably because of the comparatively smaller user base. If Django had
> the same number of users as Drupal, I expect a lot more to be visible.

it is not really correct to keep comparing django to drupal - one needs to 
compare drupal to plone. Django is not a cms, and so it is much simpler and 
smaller without lots of features, so less likely to have critical 
vulnerabilities. Further django only accepts stuff that is completely 
documented and has a full set of tests - I am glad to see that drupal also has 
some attempt at tests.
> Also, I don't think that merely using PHP means that your site is
> less secure. That's a tad too simplistic for my tastes. And I'm also
> willing to bet that if I did have to use PHP, using something like
> Drupal would be a lot more secure than deploying a home brew CMS.

a python programmer that I have a lot of respect for has classified drupal as a 
7/10 - which is high praise. He classifies django at 8/10 ;-)


More information about the BangPypers mailing list