Web forum (made by python)

and-google at doxdesk.com and-google at doxdesk.com
Mon Dec 20 21:13:10 CET 2004


Choe, Cheng-Dae wrote:

> example site is http://bbs.pythonworld.net:9080/pybbs.py

Since this seems quite happy to accept posted <script> elements - never
mind any of the thousand more involved ways to do JavaScript injection
- I'd like to ask a narrower version of the OP's question:

>> I'm looking for a web forum preferably in Python *that is
>> actually secure and does not have cross-site scripting
>> or other more serious vulnerabilities all over the shop*.

We all know the PHP messageboards are crap, because PHP is awful at
security, and encourages application design that is awful at security.

[Sorry. I must have caught flame mode from this thread.]

Python should be able to do better. Has anyone done it? No use for such
a thing myself, but I'd like to be able to recommend something
positively when I pour scorn on the clods using
phpSecurityDisasterBoard. (I do a lot of scorn-pouring, because I am
deep down not a very nice person.)

Don't see anything in PyPI. Do I have to write everything myself? Gah.
I need more beer.
-- 
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/




More information about the Python-list mailing list