[BangPypers] [OT] language fanaticism

Noufal Ibrahim noufal at gmail.com
Thu Jul 14 07:18:20 CEST 2011


Baishampayan Ghose <b.ghose at gmail.com> writes:


[...]

> I don't understand how Django apps can automatically guarantee a
> certain level of security while PHP applications can't. Are you trying
> to indicate that each and every Django app that you've built is free
> from any security hole?

Some languages and frameworks encourage practices that are more secure
than others. Raw PHP, for example, doesn't escape HTML from user
input. The Django templating system can take care of that.

But your second point is valid. I'd put more faith in an app that has
been out there in the wild for a few years, has had security problems and
which has responded appropriately rather than something homebrewed I
wrote in a day or two that only I have seen.


[...]


-- 
~noufal
http://nibrahim.net.in

After they got rid of capital punishment, they had to hang twice as many people as before.

