When it comes to general vulnerabilities in web development, 
like CSRF, XSS, clickjacking or other injection attacks, Pyramid is 
IMHO as vulnerable as any other framework. It is up to you not to 
mess around in the code and to take care of sufficient protection. Some of 
the libraries which can be used with Pyramid, like Mako as templating engine, 
do some escaping by default, which makes it a little bit safer. 
SQLAlchemy prevents SQL injection pretty well if you use it as it is meant 
to be used. But this is true for other libraries and frameworks too.

So on this level you are comparing apples with apples ;)

Regarding the fact that Python code tends to be more readable and needs 
less code to get something to work, I would say it is "better" for security. It 
will be more maintainable, and less code is less risk of errors.

On Monday, 29 December 2014 21:48:08 UTC+1, jose wrote:
>
> I've been wondering what are the vulnerabilities that a framework like 
> pyramid might have? We use mostly java at work (lots of legacy struts 
> projects) which have all kinds of published vulnerabilities, which got me 
> to thinking, I know that other frameworks have issues such as PHP, and 
> nothing can prevent me from writing bad code, but out of the box a 
> framework like pyramid, which kind of vulnerabilities would it be subject 
> to? or am I comparing apples and oranges?
>

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
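
The reply's remark that SQLAlchemy prevents SQL injection only "if you use it as it is meant to be used", shown as an added example that is not part of the original thread. The `users` table, its rows, the function names and the `HOSTILE` input are all constructed for illustration.

```python
# Added example: constructed schema and input, not code from the thread.
from sqlalchemy import Column, Integer, MetaData, String, Table, create_engine, text

metadata = MetaData()
users = Table(
    "users", metadata,
    Column("id", Integer, primary_key=True),
    Column("name", String, nullable=False),
)

def make_engine():
    """In-memory SQLite database holding two constructed rows."""
    engine = create_engine("sqlite://")
    metadata.create_all(engine)
    with engine.begin() as conn:
        conn.execute(users.insert(), [{"name": "alice"}, {"name": "bob"}])
    return engine

def lookup_interpolated(engine, name):
    """Misuse: the caller's value is pasted into the SQL string itself."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    with engine.begin() as conn:
        return [row[0] for row in conn.execute(text(sql))]

def lookup_expression(engine, name):
    """Intended use: the expression language sends the value as a bound parameter."""
    stmt = users.select().where(users.c.name == name)
    with engine.begin() as conn:
        return [row[1] for row in conn.execute(stmt)]  # columns: id, name

def lookup_text_bound(engine, name):
    """Hand-written SQL is also safe when the value goes in via a :placeholder."""
    stmt = text("SELECT name FROM users WHERE name = :name")
    with engine.begin() as conn:
        return [row[0] for row in conn.execute(stmt, {"name": name})]

# Constructed input that changes the WHERE clause when interpolated.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    engine = make_engine()
    print("interpolated:", lookup_interpolated(engine, HOSTILE))
    print("expression:  ", lookup_expression(engine, HOSTILE))
    print("text + bind: ", lookup_text_bound(engine, HOSTILE))
```

With the interpolated query the hostile value returns every row; with either bound-parameter form it is compared as a literal name and matches nothing.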