Web forum (made by python)
and-google at doxdesk.com
and-google at doxdesk.com
Mon Dec 20 15:13:10 EST 2004
Choe, Cheng-Dae wrote:
> example site is http://bbs.pythonworld.net:9080/pybbs.py
Since this seems quite happy to accept posted <script> elements - never
mind any of the thousand more involved ways to do JavaScript injection
- I'd like to ask a narrower version of the OP's question:
>> I'm looking for a web forum preferably in Python *that is
>> actually secure and does not have cross-site scripting
>> or other more serious vulnerabilities all over the shop*.
We all know the PHP messageboards are crap, because PHP is awful at
security, and encourages application design that is awful at security.
[Sorry. I must have caught flame mode from this thread.]
Python should be able to do better. Has anyone done it? No use for such
a thing myself, but I'd like to be able to recommend something
positively when I pour scorn on the clods using
phpSecurityDisasterBoard. (I do a lot of scorn-pouring, because I am
deep down not a very nice person.)
Don't see anything in PyPI. Do I have to write everything myself? Gah.
I need more beer.
--
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
More information about the Python-list
mailing list