|laziness, impatience, and hubris|
Re: Mojolicious vs Dancer (security-wise)?by moritz (Cardinal)
|on Sep 19, 2012 at 17:09 UTC||Need Help??|
Track record of incidents?
Which framework advocates more defensive/secure programming and stricter default template language?
Both allow you to use arbitrary template engines. Mojo::Template makes it easier to interpolate escaped strings <%= ... %> than unescaped strings <%== ... %>. I don't know much about Dancer in this regard.
Does the framework work under strict, warnings, strictures, taint mode, setuid setup?
Both work with strinctures. In fact Mojolicious::Lite enables them by default.
(By default?) protection against: XSS, XSRF, SQL injection?
Mojolicious doesn't generate HTML for you by default, so there are neither vulnerabilities nor safeguards against XSRF.
default admin user/password
You're kidding, aren't you?