0 day Django exploit in the wild - http://news.ycombinator.com/item?id=872533 http://www.djangoproject.com/weblog/2009/oct/09/security/
Fixed rather quickly but found rather late. One of the reasons is probably because of the comparatively smaller user base. If Django had the same number of users as Drupal, I expect a lot more to be visible. Also, I don't think that merely *using* PHP means that your site is less secure. That's a tad too simplistic for my tastes. And I'm also willing to bet that if I did have to use PHP, using something like Drupal would be a lot more secure than deploying a home brew CMS. There was a time when I used to maintain my entire website on my local machine as a bunch of text files using Muse for Emacs. Make edits as I wanted and then 'publish' the site. Not exactly cutting edge tech. and not very flexible but I'm guessing that static HTML pages have better security records than Django and Drupal. :) -- ~noufal http://nibrahim.net.in _______________________________________________ BangPypers mailing list BangPypers@python.org http://mail.python.org/mailman/listinfo/bangpypers
