[BangPypers] [OT] language fanaticism

Tejas Dinkar tejasdinkar at gmail.com
Thu Jul 14 07:51:33 CEST 2011


On Thu, Jul 14, 2011 at 10:31 AM, Baishampayan Ghose <b.ghose at gmail.com> wrote:
> IMHO if an application is insecure, it's the programmer who is to
> blame and not the language/framework.

While it is true that the responsibility is squarely on the programmer
to make sure the app is secure, some frameworks do provide better
features for security baked in, to take care of various types of
security holes.

For example, Ruby provides string tainting [1], to make sure that SQL
injection becomes next to impossible.

All frameworks exist to help people develop their apps, and should
have some documented ways to stop common attacks. Whether your app is
secure is a function of which patterns for security the programmer is
used to, and which patterns the framework lends itself to naturally.

However, a talented programmer can leave security holes in any
application, regardless of the framework ;-).

[1] http://en.wikipedia.org/wiki/Taint_checking
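The taint-checking idea the message refers to, as an added example that is not part of the original post and not Ruby's own mechanism: a minimal Python model of it, with a `Tainted` string subclass (hypothetical helper) that propagates through concatenation and `%` formatting, a SQL sink that refuses tainted query text, and the same lookup written with string concatenation and with bound parameters. The table, the rows and the attacker input are constructed for the demo.

```python
import sqlite3


class Tainted(str):
    """Marks data from an untrusted source (hypothetical helper, loosely
    modelled on Ruby's taint flag). Taint propagates through the string
    operations used below, so a tainted fragment poisons any query text
    built from it. This is a minimal model: f-strings and str.format on a
    clean template are not intercepted here."""

    def __add__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        # Called for  clean_str + Tainted  because Tainted subclasses str.
        if not isinstance(other, str):
            return NotImplemented
        return Tainted(str.__add__(other, self))

    def __mod__(self, args):
        return Tainted(str.__mod__(self, args))

    def __rmod__(self, template):
        # Called for  "clean template %s" % Tainted  for the same reason.
        return Tainted(str.__mod__(template, self))


class TaintError(ValueError):
    """Raised when tainted data reaches a sink as code rather than as data."""


def is_tainted(obj):
    return isinstance(obj, Tainted)


def safe_execute(conn, sql, params=()):
    """Sink check: refuse to run SQL text that carries taint. Bound
    parameters may be tainted; the driver treats them as data, never as SQL."""
    if is_tainted(sql):
        raise TaintError("tainted data reached the SQL sink: %r" % str(sql))
    return conn.execute(sql, params)


def setup_db():
    # Constructed sample data for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def lookup_concat(conn, name):
    # Vulnerable pattern: untrusted input spliced into the query text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in safe_execute(conn, sql).fetchall()]


def lookup_param(conn, name):
    # Safe pattern: the query text is constant, the input is a bound value.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in safe_execute(conn, sql, (name,)).fetchall()]


def run_demo():
    conn = setup_db()
    attacker = "' OR '1'='1"          # classic tautology payload, constructed
    results = {}
    # Untracked input: the injection silently returns every user.
    results["concat_untracked"] = lookup_concat(conn, attacker)
    # Same input marked tainted: the sink check stops it before execution.
    try:
        lookup_concat(conn, Tainted(attacker))
        results["concat_tainted"] = "ran"
    except TaintError:
        results["concat_tainted"] = "blocked"
    # Parameterised query: tainted input is bound as data, so no user matches.
    results["param_tainted"] = lookup_param(conn, Tainted(attacker))
    results["param_legit"] = lookup_param(conn, Tainted("alice"))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The point of the demo is that taint tracking does not make the concatenated query safe; it only turns a silent data leak into a loud error at the sink, which is still valuable. The query that is actually safe is the parameterised one, where the input never becomes part of the SQL text at all. As a caveat for anyone relying on Ruby's flag specifically: later Ruby releases deprecated and then removed the taint mechanism, so parameterised queries remain the defence to build on.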

