Re: Need a compelling argument to use Django instead of Rails




Bruno Desthuilliers wrote:
Please define "security". I fail to see how language-enforced access
restriction (and mandatory declarative static typing etc) relates to
'security'. As far as I'm concerned, security is about protecting a
system from piracy, not about inflicting useless pain on programmers.

I must agree here. When I am coding I appreciate ease of referencing
things above and beyond a language tying my hands behind my back
supposedly in the name of security. If I am savvy enough and know what
I am doing I can create classes, methods, etc. that implement an
effective security model in terms of encapsulation and hiding. But
there are times that I am creating something that I don't want boxed in
by the language enforcing all of this for me. It's like when people
dismiss PHP as a supposedly insecure language. It's more a problem of
too many newly initiated PHP developers not using techniques they
should be to create secure applications.
