On Tue, 17 Nov 2009 07:38:35 +0530, Kenneth Gonsalves <law...@au-kbc.org> wrote:
> On Monday 16 Nov 2009 10:44:27 pm Mike Ramirez wrote:
>> > it is precisely this assumption that does not seem logical to me. But
>> > frankly I do not know how to counter it ;-)
>> >
>>
>> How is it not logical? Product A is widely used, Product B is used less.
>> Bad Guy A. is smart enough to realize that product A if broken can be
>> used to gain him more presents because more users have it.
>>
>
> so if we follow your logic to the inevitable conclusion, the moment the bad
> guys train their weapons on django it is going to be shot as full of holes as
> drupal (or even phpbb).

Wrong conclusion. Attackers cannot shoot holes, they can only expose them.
There are definitely design decisions you can make to prevent holes, one of
the obvious ones is to validate user input.

There are two assumptions made in this discussion that are not absolute truths:

1) If an application receives more attention from critical eyes, it is more
   secure as it lessens the chance that mistakes have been left in releases.
   However, this doesn't exclude the possibility that there are no mistakes to
   be found to begin with or even that these eyes find them or that they are
   practical security risks. MD5 is a good example. It has been secure for
   many years, because the computational power wasn't there to make any
   practical attack vectors.

2) If something is used more, it becomes more of a target.
   This still doesn't exclude the possibility that an attacker will never find
   your machine.

--
Melvyn Sopacua

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=.