Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: Mojolicious vs Dancer (security-wise)?

by moritz (Cardinal)
on Sep 19, 2012 at 17:09 UTC ( #994482=note: print w/replies, xml ) Need Help??

in reply to Mojolicious vs Dancer (security-wise)?

Track record of incidents?

Dancer: none, mojolicious: five in the CVE database. But that might just mean that somebody tracks the mojolicious bugs and nobody tracks the Dancer bugs in CVE.

Which framework advocates more defensive/secure programming and stricter default template language?

Both allow you to use arbitrary template engines. Mojo::Template makes it easier to interpolate escaped strings <%= ... %> than unescaped strings <%== ... %>. I don't know much about Dancer in this regard.

Does the framework work under strict, warnings, strictures, taint mode, setuid setup?

Both work with strinctures. In fact Mojolicious::Lite enables them by default.

(By default?) protection against: XSS, XSRF, SQL injection?

Mojolicious doesn't generate HTML for you by default, so there are neither vulnerabilities nor safeguards against XSRF.

default admin user/password

You're kidding, aren't you?

Replies are listed 'Best First'.
Re^2: Mojolicious vs Dancer (security-wise)?
by Anonymous Monk on Sep 21, 2012 at 07:11 UTC
Re^2: Mojolicious vs Dancer (security-wise)?
by Anonymous Monk on Jan 24, 2013 at 01:14 UTC
    Dancer had the exact same directory traversal bug as Mojolicious (CVE-2011-1589).

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://994482]
[stevieb]: it's a long day when you want to make changes to a project and the entire test suite takes 2 hours to fully run :)
choroba knows the situation. At work, unit tests run for 30 minutes, and integration and end-to-end tests take almost one hour.

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2017-03-26 22:06 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (315 votes). Check out past polls.