[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009

Anand Balachandran Pillai abpillai at gmail.com
Sun Oct 11 07:42:42 CEST 2009


On Sat, Oct 10, 2009 at 8:35 PM, Noufal Ibrahim <noufal at gmail.com> wrote:

> On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten <carl at personnelware.com>
> wrote:
> [..]
> > I need to inject...
> >
> > The line should be:
> >
> > cursor.execute(query, ('burger', '2009-09-10 12:00:00'))
>
> Ah. Then it's just a case of the API doing the quoting internally
> which points to a better API than a better language.
>

 Nobody said Python is a better language than PHP. Indeed, comparing the two
 is a bit of an apples-to-oranges comparison, since both languages were designed
 with totally different intentions. Python is a general-purpose language, whereas
 PHP was built from the ground up for the web.

 My point is that there are certain aspects of PHP which make it easy to write
 vulnerable code if the coder is not careful. In Python, there are again some
 aspects (language as well as API) which guard against common pitfalls.



> > and to keep it more like the php example:
> > cursor.execute(query, (productname, buy_datetime))
>
> Yes. That would be closer.
>
> [..]
> > I have done 2 php pages and a bunch of python.  My guess is PHP makes
> > it easier to write vulnerable code, but I am really going on on a limb
> > here, so I'll not try to support this notion.
>
> Yes. I think so too. However, something being in PHP alone doesn't
> disqualify it as a robust and secure product.
>

  A product being robust is a totally different thing from it being secure.
  Robust means it is stable (as in staying up and doing what it is supposed
  to do) and works with reasonable or good performance. Security is
  a totally different aspect. Being secure doesn't imply robustness or
  vice-versa.


>
>
> --
> ~noufal
> http://nibrahim.net.in
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> http://mail.python.org/mailman/listinfo/bangpypers
>



-- 
--Anand
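The parameterized `cursor.execute(query, (productname, buy_datetime))` form discussed in the thread, set beside the string-splicing habit it replaces, as an added example that is not part of the original post or of anyone's code in the thread. It assumes an in-memory sqlite3 database with a constructed `sales` table (sqlite3 uses the `?` paramstyle; MySQLdb, which the thread's `%s` snippet suggests, uses `%s` as its placeholder, but the driver does the quoting in both cases):

```python
import sqlite3

# Constructed sample rows for the demo; not data from the mailing list thread.
ROWS = [
    ("burger", "2009-09-10 12:00:00"),
    ("fries", "2009-09-10 12:05:00"),
    ("o'brien special", "2009-09-11 09:00:00"),
]


def make_db():
    """Build a throwaway in-memory database with a 'sales' table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (productname TEXT, buy_datetime TEXT)")
    conn.executemany("INSERT INTO sales VALUES (?, ?)", ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn, productname):
    """The pitfall: splice the user value into the SQL text, as in the PHP-style
    string-concatenation example the thread was criticising.  The value becomes
    part of the statement, so quotes in it change the statement's meaning."""
    query = (
        "SELECT productname, buy_datetime FROM sales WHERE productname = '%s'"
        % productname
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, productname):
    """The DB-API way: the SQL text is fixed and the value is passed separately.
    The driver binds it as data, so quotes or SQL keywords in it are inert."""
    query = "SELECT productname, buy_datetime FROM sales WHERE productname = ?"
    return conn.execute(query, (productname,)).fetchall()


def unsafe_breaks_on(conn, productname):
    """True when the spliced statement is not even valid SQL for this input,
    i.e. the unsafe form is also fragile for legitimate data containing quotes."""
    try:
        lookup_unsafe(conn, productname)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    payload = "burger' OR '1'='1"          # classic tautology injection
    print("unsafe:", lookup_unsafe(conn, payload))   # every row in the table
    print("safe:  ", lookup_safe(conn, payload))     # no product has that name
    legit = "o'brien special"               # an honest value with an apostrophe
    print("unsafe breaks on legit input:", unsafe_breaks_on(conn, legit))
    print("safe:  ", lookup_safe(conn, legit))
```

Run it and the spliced query returns all three rows for the tautology payload while the parameterized query returns none; the same spliced query then raises a syntax error on an ordinary product name containing an apostrophe, which the parameterized query looks up correctly. That is the "better API" point in the thread: the quoting is done by the driver, not by the programmer remembering to escape.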