On Saturday 10 Oct 2009 10:46:49 am Noufal Ibrahim wrote:
> 0 day Django exploit in the wild -
> http://news.ycombinator.com/item?id=872533
> http://www.djangoproject.com/weblog/2009/oct/09/security/

cool - now that django *has* security problems, more people will be comfortable in using it ;-)

>
> Fixed rather quickly but found rather late. One of the reasons is
> probably because of the comparatively smaller user base. If Django had
> the same number of users as Drupal, I expect a lot more to be visible.

it is not really correct to keep comparing django to drupal - one needs to compare drupal to plone. Django is not a cms, and so it is much simpler and smaller without lots of features, so less likely to have critical vulnerabilities. Further django only accepts stuff that is completely documented and has a full set of tests - I am glad to see that drupal also has some attempt at tests.

>
> Also, I don't think that merely using PHP means that your site is
> less secure. That's a tad too simplistic for my tastes. And I'm also
> willing to bet that if I did have to use PHP, using something like
> Drupal would be a lot more secure than deploying a home brew CMS.

a python programmer that I have a lot of respect for has classified drupal as a 7/10 - which is high praise. He classifies django at 8/10 ;-)

--
regards
kg
http://lawgon.livejournal.com