[Chicago] Python 3.5 in Ubuntu???
Randy Baxley
randy7771026 at gmail.com
Fri Jan 29 11:24:49 EST 2016
BTW, The talk python podcast is excellent. A lot of good reminders as well
as professorial like comments that may guide us to further study.
On Thu, Jan 28, 2016 at 11:39 PM, eviljoel <eviljoel at linux.com> wrote:
> Hey All,
>
> > But honestly I think security takes work and a lot of time to get
> > right, and it may be better to use tools that have been tested rather
> > than rewrite things from scratch.
>
> This statement could be interpreted as "If you use a secure framework,
> you don't have to worry about security when you write code." This, of
> course, is not true. Every programmer _should_ know how to write secure
> code. If you are relying on frameworks to do your security for you, then
> you are probably writing vulnerable code.
>
> I'm always surprised when I meet a programmer who has been writing web
> applications for years and still does not know what SQL injection and
> cross site scripting attacks are. If you are not familiar with these
> terms, you should probably look them up now. You'll probably immediately
> realize how many insecure applications you've written over the years.
>
> To be fair, Tanya might have just been trying to stear people towards
> using only established frameworks. Generally I agree with this practise,
> if it fits your problem.
>
> Laters,
> eviljoel
>
> On 01/25/2016 05:41 AM, Tanya Schlusser wrote:
> >
> > So a lot of words I guess to say where are
> > the standards and security committees for Ubuntu and Python and how
> > would a
> > civic hacking organization interact with them?
> >
> >
> >
> > There's a recent Talk Python To Me Podcast featuring Justin Seitz, the
> > author of Gray Hat Python and Black Hat Python:
> >
> https://talkpython.fm/episodes/show/37/python-cybersecurity-and-penetration-testing
> >
> > Also, the Ubuntu site's main security page:
> > https://help.ubuntu.com/community/Security
> >
> > But honestly I think security takes work and a lot of time to get right,
> > and it may be better to use tools that have been tested rather than
> > rewrite things from scratch. Web2Py actually follows the recommendations
> > of the Open Web Application Security Project
> > (https://www.owasp.org/index.php/Main_Page). Here's their blurb on
> > security that summarizes the OWASP recommendations:
> > http://www.web2py.com/book/default/chapter/01#Security
> >
> >
> >
> > _______________________________________________
> > Chicago mailing list
> > Chicago at python.org
> > https://mail.python.org/mailman/listinfo/chicago
> >
>
> --
> Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
> A2BE 2D12 24D1 67CA 8830 DDE7 DFB3 676B 196D 6430
>
>
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> https://mail.python.org/mailman/listinfo/chicago
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/chicago/attachments/20160129/1170f1bc/attachment.html>
More information about the Chicago
mailing list