On Jul 17, 2:43 pm, Bottiger <bottig...@gmail.com> wrote: > - Secure > > The average programmer does not have the ability to see any concrete > benefit this has over Django. From what I've seen learning Web2Py, it > doesn't do anything that Django doesn't do with filtering and escaping > text, html etc.
Django does a good job at security with a few caveats. For the Django admin does not force secure cookies and you can have a Django admin over an unsecure channel. The web2py admin does not allow this unless you trick it by using a proxy. Django does escape by default all text coming from the users (XSS vulnerability). It leaves to the developer the task to do it. We take the opposite approach. We do not trust the developer. > - Server-side form validation > > This is nice, but it is the trademark of Django for having really nice > auto-generated forms. Yes > - Internationalization > > http://docs.djangoproject.com/en/dev/topics/i18n/ Yes. But as an exercise try explain us how to translate a Django app vs how to translate a web2py app. > - SSL Streaming > > Django does it with middleware. But that is the point. In Django, the developer has to setup the middleware to make it work. In Django all files are automatically streamed in upload and download. Downloads also provide out of the box the if modified since protocol and range requests. Note to self.... remember how much more stuff web2py does under the hood when commenting on benchmarks. Massimo --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
