On Thu, Jul 14, 2011 at 10:31 AM, Baishampayan Ghose <b.gh...@gmail.com> wrote:

> IMHO if an application is insecure, it's the programmer who is to
> blame and not the language/framework.
While it is true that the responsibility is squarely on the programmer to make sure the app is secure, some frameworks do provide better features for security baked in, to take care of various types of security holes. For example, Ruby provides string tainting [1], to make sure that SQL injection becomes next to impossible.

All frameworks exist to help people develop their apps, and should have some documented ways to stop common attacks. Whether your app is secure is a function of which patterns for security the programmer is used to, and which patterns the framework lends itself to naturally.

However, a talented programmer can leave security holes in any application, regardless of the framework ;-).

[1] http://en.wikipedia.org/wiki/Taint_checking

_______________________________________________
BangPypers mailing list
BangPypers@python.org
http://mail.python.org/mailman/listinfo/bangpypers
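Since this is a Python list, here is an added example (not from the thread, and not Ruby's built-in mechanism) of the taint-checking idea the reply refers to: a hypothetical `Tainted` str subclass that follows untrusted input through concatenation, a raw-SQL sink that refuses tainted strings, and a parameterised sink that accepts them because the driver binds the value instead of splicing it into the query. The `users` table and its rows are constructed sample data.

```python
import sqlite3


class TaintError(ValueError):
    """Raised when untrusted data reaches a sensitive sink unsanitised."""


class Tainted(str):
    """Hypothetical marker for data from an untrusted source (e.g. a request).

    Concatenation propagates the taint, so it reaches the sink with the data.
    Caveat: f-strings and .format() return plain str, so the check is only as
    good as the propagation rules; real taint systems cover more operations.
    """

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


def is_tainted(value):
    return isinstance(value, Tainted)


def raw_query(conn, sql):
    """Sink for SQL built as one string: refuses any tainted query text."""
    if is_tainted(sql):
        raise TaintError("untrusted data reached raw SQL: %r" % str(sql))
    return conn.execute(sql).fetchall()


def param_query(conn, sql, params):
    """Sink for parameterised SQL: tainted *values* are fine as bound params,
    but the SQL template itself must come from trusted code."""
    if is_tainted(sql):
        raise TaintError("SQL template must not be untrusted")
    return conn.execute(sql, params).fetchall()


def make_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_role(conn, user_input):
    """Untrusted name -> roles, via the parameterised sink (accepted)."""
    rows = param_query(conn, "SELECT role FROM users WHERE name = ?",
                       (Tainted(user_input),))
    return [r[0] for r in rows]


def lookup_role_unsafe(conn, user_input):
    """Same query built by concatenation: the taint check blocks it."""
    sql = "SELECT role FROM users WHERE name = '" + Tainted(user_input) + "'"
    return raw_query(conn, sql)
```

A value containing a quote, such as `o'brien`, simply matches nothing through the parameterised sink, whereas the concatenated form never reaches the database at all.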