On Tue, May 3, 2011 at 4:23 PM, Shawn Milochik <sh...@milochik.com> wrote:

> <soapbox>
> It seems to me that anyone asking for precedent in their own industry is
> actually interested in whether Django is considered safe from things like
> the OWASP Top Ten. They're not interested enough to do the research
> themselves, so they're going to take an "argument from authority" as
> evidence of security. That is poor decision-making in addition to faulty
> logic. By their own logic, the first big company to implement Django is
> obviously being foolish, because nobody else had done it yet. In addition,
> really big companies with big budgets, large IT departments, and audited
> compliance with all the standards get hacked regularly.
> </soapbox>
>
> The better question to ask is what kinds of security audits Django has
> passed, and what (if any) regular checks are made against target-rich parts
> of the system, such as the ORM. However, in the end Django is still just a
> framework. It could do everything right and a developer can make one small
> oversight and allow an attacker in. I guess the real question is whether the
> developer is familiar with the OWASP Top Ten and its ilk, and competent to
> write pretty good code.
>

+1


>
> For what it's worth, my company deals with debit cards and electronic
> payments, and we use Django. However, we're not a large company, nor a
> "financial firm."
>
> Shawn
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
