PerlMonks  

Re: Mojolicious vs Dancer (security-wise)?

by moritz (Cardinal)
on Sep 19, 2012 at 17:09 UTC (#994482)


in reply to Mojolicious vs Dancer (security-wise)?

Track record of incidents?

Dancer: none, Mojolicious: five in the CVE database. But that might just mean that somebody tracks the Mojolicious bugs and nobody tracks the Dancer bugs in CVE.

Which framework advocates more defensive/secure programming and stricter default template language?

Both allow you to use arbitrary template engines. Mojo::Template makes it easier to interpolate escaped strings <%= ... %> than unescaped strings <%== ... %>. I don't know much about Dancer in this regard.

Does the framework work under strict, warnings, strictures, taint mode, setuid setup?

Both work with strictures. In fact Mojolicious::Lite enables them by default.

(By default?) protection against: XSS, XSRF, SQL injection?

Mojolicious doesn't generate HTML for you by default, so there are neither vulnerabilities nor safeguards against XSRF.

default admin user/password

You're kidding, aren't you?
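
The escaped and unescaped template tags mentioned in the reply above, as an added example that is not part of the original post or of Mojolicious itself: it renders one hostile value through both tag forms and lists the raw-output tags in a template so each can be reviewed. The sample template, the input value and the helper name `find_raw_output` are constructed for illustration, and it assumes Mojolicious is installed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Mojo::Template;

# Constructed sample: a template mixing both tag forms, and a hostile value.
my $template = <<'EOT';
% my ($name) = @_;
<p>escaped: <%= $name %></p>
<p>raw:     <%== $name %></p>
EOT
my $name = '<script>alert(1)</script>';

# auto_escape => 1 is what Mojolicious uses for .ep templates; a bare
# Mojo::Template object defaults to the reverse meaning of <%= and <%==.
my $mt = Mojo::Template->new(auto_escape => 1);
print $mt->render($template, $name);

# Audit helper (hypothetical name): report every raw-output tag so each one
# can be reviewed. Covers the tag form <%== and the line form %==.
sub find_raw_output {
    my ($source) = @_;
    my @hits;
    my $line_no = 0;
    for my $line (split /\n/, $source) {
        $line_no++;
        push @hits, [$line_no, $line]
            if $line =~ /<%==/ || $line =~ /^\s*%==/;
    }
    return @hits;
}

printf "line %d uses raw output: %s\n", @$_ for find_raw_output($template);
```

The first rendered paragraph carries the value with its angle brackets turned into entities, the second carries it verbatim, and the audit reports line 3 of the template.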


Re^2: Mojolicious vs Dancer (security-wise)?
by Anonymous Monk on Sep 21, 2012 at 07:11 UTC
Re^2: Mojolicious vs Dancer (security-wise)?
by Anonymous Monk on Jan 24, 2013 at 01:14 UTC
    Dancer had the exact same directory traversal bug as Mojolicious (CVE-2011-1589).
